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Racks of ultracompact blade servers 
produce an amazing amount of heat that can 
lead to equipment failures or slowdowns. 3 
Now data center managers have to figure out 0% 
how to keep this hot technology cool. Page 25 
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Cisco Reiterates WLAN Threat | 


Attack tool targets 
authentication code; 
long passwords urged 


BY BOB BREWIN 

Cisco Systems Inc. last week 
said it plans to issue a new — 
and better publicized — warn- 
ing about a security threat to 
its user authentication tech- 
nology for wireless LANs, af- 
ter it was told that a tool for 
attacking the software would 
be publicly released. 





Cisco first disclosed in early 
August that its widely used 
Lightweight Extensible Au- 
thentication Protocol algo- 
rithm is vulnerable to so- 


| called dictionary attacks 


aimed at discovering user 
passwords. The company 
posted a notice on its Web site 
and said its sales force was 
told to inform customers 
about the threat. But several 
Cisco users last week said 
they never got word of it. 
Mike Wiesenberg, director 
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ClOs aren’t as transient as they used to be. 
Former @stake CTO Dan Geer talks about getting the boot. 


of network services at Sharp 
HealthCare in San Diego, 


| faulted Cisco for not taking “a 

| more proactive” approach to 

| notifying LEAP users of the 

| potential for attacks. Wiesen- 

| berg said he doesn’t check 
Cisco’s Web site on a daily ba- 

| sis for security updates and 

WLAN Threat, page 13 | 


The Trouble With LEAP 
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Pentagon Moves 
On Massive HR 
System — Slowly 


Prime contractor chosen for $320M project 


two years after purchase of PeopleSoft apps 





BY MARC L. SONGINI 
More than two years after it 
chose PeopleSoft Inc.’s soft- 
ware for a massive human re- 
sources system, the U.S. De- 
partment of Defeise is fiuaily 
ready to start development 
work on the $320 million-plus 
project. But it will 
take another four 
years to complete the 
rollout, military offi- 
cials said. 

The project, which 
is about 12 months s 
behind schedule, will create 


| asingle system for HR and 


payroll operations across all 


| branches of the armed forces, 
| incorporating data on more 

| than 3 million military person- | 
| nel worldwide. The DOD paid 


PeopleSoft $48 million for an 


| enterprise software license in 


UA en 
DOD's ERP project, 
Pi ea | 


August 2001, and last week i it 


; named Northrop Grumman 


Corp. as the prime contractor 
on the implementation under 
a nine-year, $281 million con- 
tract. 

U.S. Navy Capt. Valerie Car- 
penter, the joint program man- 
ager, said the HR 
project will replace 
79 systems within 
the DOD. She added 
that Pentagon offi- 
cials in February 
plan to release pro- 


| jected ROI figures for the ini- 


tiative, which is officially 
known as the Defense Inte- 
grated Military Human Re- 


| source System, or DIMHRS. 


The DOD project will be the 
largest installation of People- 


| Soft’s human resources appli- 


Pentagon, page 13 


IBM Hosting Goes On-Demand 


Remote data center 


service takes ASP tack; | 
offshoreisanoption | 


BY PATRICK THIBODEAU 
A plan unveiled by IBM last 
week may ultimately help 
make the location of a corpo- 
rate data center largely irrele- 
vant, even allowing for data 
centers that are outsourced 
offshore. 

IBM has broadened its re- 
mote Virtual Server Services, 
which had been offered only 


| INSIDE 





on its zSeries servers, to in- 
clude the rest of its eServer 
line — iSeries, pSeries and 

xSeries servers — with sup- 


| port for Windows, Unix and 
| Linux. 


The company is also adding 
& 


| applications to its on-demand 
| computing services under an 


application service provider 
model. Officials said IBM had 
inked an agreement with Sie- 
IBM Hosting, page 53 


@ IBM will host slimmed-down Siebel 
CRM apps, ASP style. Page 53 





As of today, security is not just about what you can 


STOP 
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Start with Intrusion Prevention Solutions from McAfee Security® and dis- 
cover how to go beyond merely detecting threats to preventing them altogether. 
With McAfee® System Protection and Network Protection Solutions, your 
business is completely protected—from the core to the edge of Veligariion 4 
including servers and desktops 


I's about what you can 


START 


Start building productivity faster... Knowing your‘network and systems are 
safe from both known and unknown threats, you'll be free to focus on bigger 
Sans picture issues, like maximizing the RO! of your technology investment 


Start saying yes to users more. Users want full Internet access, they want 
laptops, they want PDAs, they. want wireless, and they don't-want to hear about 
how security concems outweigh their needs. Now they don't have to. Because 
with McAfee Security you can start-giving them the technologies they need 


without giving up the security your enterprise demands. 

Start growing securely. When you're secure you can start thinking more 
about how ideas spread and less about how network threats spread. You can 
start expanding what your network can do, not simply reducing what hackers 


can do. You can start chasing what you're after, not what's after you. 


Start today at start. mcafeesecurity.com 
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SAMSUNG DIGITall) 


everyone's invitedw 


® Super-bright, razor-sharp 
19" analog/digital TFT/PVA display 
© Unique dual-hinge base ailows 
up to 90° tilt for optimal ergonomics 
© 1280 x 1024, Xtrawide™ 170°/170° 
viewing angle, VESA® wall-mouniable base 
* World's ieading manufacturer of 
TFT-LCD displays 


«-+e-es Visit WWWw.samsungusa.com 


©2903 Samsung Electronics America, inc. Screen images are simulated. 


That’s DigitAll vision. 
B A NK=O NE | How has Bank One become a leader in banking 
= * | while showing its nearly 500,000 small business 
clients the path to a bigger, brighter future? With unparalleled vision and 
absolute clarity. That's why Bank One chooses Samsung — the world’s leading 
manufacturer of TFT-LCD displays. And now Samsung’s commitment to the 
big picture continues with the innovative display technology found in the 
SyncMaster 192T, giving you the opportunity to visualize a future just as bright. 


Add vision. Add possibility. Add Samsung. 
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Weighing the Change to Blades 


In the Technology section: Blade servers offer many advan- 
tages over 1U servers, but they’re not always the better 
choice. They reduce hardware and conserve data center 
space while providing flexibility and manageability, but the 
trade-offs can include cultural and cooling problems. Page 30 
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Outsourcing Bi With Control 


In the Management section: Whether you farm out all 
or part of your business intelligence operations, the hot 
issue is making sure data quality won’t suffer, says Mike 
Larson (left), a product and process quality leader at 
Canon Information Technology Services. Page 37 


OPINIONS 
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A GAO report that was just 
released says homeland secu- 
rity requires better tracking 
of H-1B visas. 


HP provides Gigabit Ethernet 
support with a pair of stack- 
able edge switches. 


ClOs are staying at their jobs 
longer, a byproduct of the 
weak economy and a push for 
stability from management. 


The SCO Group threatens to 
revoke SGI’s Unix license. 


Marimba’s upgraded applica- 
tion-tracking tool could help 
companies cut licensing costs. 


lron Mountain announces a 
service to help financial ser- 
vices firms comply with 

e-mail retention regulations. 


EMC ties two network- 
attached storage devices 
to its Clariion disk arrays. 


Companies concerned about 
legal requirements and pro- 
tecting their reputations are 
making privacy a priority. 


The DHS’s cybersecurity 
division will create a real-time 
awareness system that will 
look for signs of a coordinated 
attack, or virus and worm out- 
breaks. 


Identity theft may be thwart- 
ing homeland defense plans. 


Q&A: Dan Geer talks about his 
role in a report that criticized 
Microsoft’s dominance of the 
software industry. 


Cee eeeerersesceseseses 


eecees 


25 Moving Toward Meltdown. 


High-density server racks are 
pushing today’s data center 
cooling systems to their limits. 


32 Case Study: Cruise Line 


Changes BI Tack. Holland 
America Line moves to a Web- 
based business intelligence re- 
porting system to improve in- 
formation access and flexibility. 


33 QuickStudy: Aspect-Oriented 


Programming. This new de- 
velopment method allows pro- 
grammers to distribute com- 
mon or similar functionality 
throughout a program through 
modules called aspects. 


34 Security Manager’s Journal: 


Mop-up Continues in Worm 
Aftermath. The Blaster worm 
continues to creep into the 
network through unprotected 
machines in Mathias Thur- 
man’s shop. 


MANAGEMENT 





42 Agriculture Cultivating 


E-business. A new e-business 
database combines three ear- 
lier ones used by the agricul- 
tural industry and has yielded 
supply chain savings. 


43 Law Firms Open Up. Attor- 


neys are using extranets to 
collaborate with clients who 
want access to their own 
documents and to save on 
operating costs. 


44 Coping With Outages. NStar 


is upgrading its systems to 
enable dispatchers to deliver 
improved customer service. 


8 On the Mark: Mark Hall re- 
counts the dilemma of decid- 
ing whether to fire workers 
who break security policies; 
he also finds ways to save 
them from themselves. 


20 Maryfran Johnson delves into 


how credibility issues under- 
mined a potentially useful 
report on security. 


20 Pimm Fox wants content 
management to be a neat and 


tidy process. And he’s found a 


way to make it so. 


Thornton May predicts that 
ubiquitous information will 


subvert most of what we know 


about data management. 


35 Paul A. Strassmann says 


CFOs’ eagerness to harness IT 
is evident in the government’s 


method of assessing projects. 


46 Paul Glen says IT require- 


ments aren’t just lying around, 


fully formed and ready to be 
“gathered” for IT projects. 


They require difficult negotia- 


tions between business users 
and IT. 


54 Frankly Speaking: Frank 


Hayes offers some precise ad- 


vice on how to “fix” kludgy 


and cumbersome applications 


running at your company. 
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The single biggest factor affecting 
IT unemployment is: 
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Is the Decay of Code Inevitable? 
DEVELOPMENT: Developers often want to 
rewrite code that they are given to maintain. 
Maybe this practice should be required. 

@ 41717 


It’s All in the Interoperability 
STORAGE: The CEO of The Storage Group 
discusses interoperability issues and data 


protection strategies. @ 41752 


Wireless Is ‘In’: Use It Wisely 
SECURITY: Columnist Marcia Wilson under- 
stands the lure of Wi-Fi, but she also fears for 
those business travelers who don’t consider 
the risks. @ 41665 
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AT DEADLINE 


IBM Makes Cuts 
At IT Services Unit 


IBM said that about 720 U.S. 
workers at its IT services unit are 
being laid off as part of a re- 
assessment of the operation’s 
staffing and skill needs. The cut- 
back at IBM Global Services fol- 
lows a similar layoff that was an- 
nounced late last month by the 
company’s software group 
[QuickLink 41712]. IBM Global 
Services currently employs about 
180,000 people. 


Siebel Expects Q3 
Loss, Lower Sales 


CRM software vendor Siebel Sys- 
tems Inc. said it expects to report 
a loss of about $60 million for the 
third quarter on revenue of about 
$320 million. The San Mateo, 
Calif.-based company said it 
would be profitable if not for one- 
time expenses, including a $107 
million charge taken to cover re- 
cent layoffs. It added that soft- 
ware sales will total about $110 
million, down 13% from $126.8 
million a year ago. 


Microsoft Targets 
Small Businesses 


Microsoft Corp. this week plans to 
release small-business software 
bundles that are built around Win- 
dows Server 2003 and tailored to 
companies with fewer than 100 
workers and 50 PCs. The Win- 
dows Small Business Server 
2003 offering includes a stan- 
dard edition with Exchange Serv- 
er 2003 and a premium version 
that adds SQL Server 2000 and 
Microsoft’s Internet Security and 
Acceleration Server. 


HP Tries to Lure 
Sun Users to Linux 


Hewlett-Packard Co. announced a 
program aimed at converting 
users of Sun Microsystems Inc.’s 
Unix servers to Linux systems. HP 
said it will offer users $25,000 
worth of assessment, porting and 
migration services at no cost. 


Systems lack ability 
to share information 


BY PATRICK THIBODEAU 
WASHINGTON 
EDERAL OFFICIALS 
don’t know how many 
H-1B visa holders are 
working in the U.S. be- 
cause the two systems that 
collect critical data on visa 
holders aren’t integrated. 

That problem was detailed 
in a long-awaited General Ac- 
counting Office report re- 
leased last week on the H-IB 
program’s effects on the U.S. 
workforce. The GAO said its 
effort to study the matter was 
hindered on two fronts. 

First, key data is missing. 
One system tracks entries and 
departures of H-1B holders, 
and another monitors changes 
in a visa holder’s status, such 
as loss of employment. But 





NEWS 


those systems aren’t integrat- 
ed, so the government doesn’t 
know how many visa holders 
are in the U.S., the GAO said. 

Second, the GAO contacted 
145 companies to discuss their 
H-1B use, but only 36 agreed to 
interviews. While the nearly 
50-page report anonymously 
summarizes the 
results of the in- 
terviews, the GAO 
warned that be- 
cause of the small 
sample size, the 
results “cannot be 
viewed as repre- 
sentative of all 
H-1B employers.” 

Chris McManes, 
a spokesman for 
the U.S. chapter of the Insti- 
tute of Electrical and Electron- 
ics Engineers Inc., which has 
opposed the H-1B program, 
said the small sample “limited 
the GAO’s ability to assess 


ta eas 


of systems analysts 
and programmers hold- 
Tie M a ls: Rr oe] 
graduate degree, vs. 14% 
RU am Ome Mee iste aoe 


Data Problems Thwart 
Effort to Count H-IBs 


what’s really going on.” 
McManes said the findings 
support arguments that H-1B 
workers are being paid less 
than their U.S.-citizen coun- 
terparts, at least in one age 
bracket. Salaries listed on ap- 
proved H-IB petitions for ei- 
ther electrical/electronic engi- 
neers or systems 
analyst/program- 
mer analysts who 
were between 31 
and 50 years old 
were about 
$11,000 to $22,000 
lower than the 
salaries reported 
by USS. citizens. 
But the salaries 
of H-1B workers 


| 18 to 30 years old were as 


much as $10,000 higher than 
those of their U.S. counter- 
parts, which may mean that 
there are more hires in this age 
group with advanced degrees. 
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Thom Stohler, a vice presi- 
dent of the AEA, a trade group 
representing the high-tech in- 
dustry that has advocated a 
higher H-1B visa cap, said the 
report underscores the need 
for better data. “We all need to 
be using the same data, or we 
cannot have rational a discus- 
sion,” he said. 

The H-1B visa, which allows 
skilled foreign workers to take 
jobs in the U.S. for up to six 
years, is limited by a cap that 
declined to 65,000 last week 
when the new federal fiscal 
year started. The cap had been 
195,000 for the past three years. 

Vic Goel, a Greenbelt, Md.- 
based immigration attorney, 
said the reduced cap will be 
reached by early next year, in 
part because about 22,000 
pending H-1B applications 
filed in the last fiscal year will 
be counted against this year. 

The U.S. Department of 
Homeland Security, which is 
now responsible for immigra- 
tion policy, is aware of the 
visa-tracking problem and is 
developing a consolidated sys- 
tem, according to the GAO. 

@ 41884 





BY MATT HAMBLEN 
Hewlett-Packard Co. today 
wili announce several net- 
working products, including a 
pair of stackable edge switches 
that it said can support Gigabit 
Ethernet transmission speeds. 

The new HP ProCurve 
switches are priced at about 
$100 per port, making them 
the most affordable Gigabit 
Ethernet switching devices 
now on the market for edge 
networking use, claimed Darla 
Sommerville, general manager 
of ProCurve networking in 
HP’s Americas region. 

The switches began ship- 
ping last week along with new 
ProCurve management soft- 
ware that HP said gives IT 
managers more network con- 
trols, including a single view 
of wired and wireless net- 
works. HP also released a 
wireless access point device 








‘HP Rolls Out Stackable 
Gigabit Ethernet Switches 


that was announced last 
month and supports connec- 
tivity via the 802.11b and 
802.lg protocols. 

Richard Lee, director of op- 
erations at Media General Inc. 
in Richmond, Va., has been us- 
ing a demonstration model of 
the 24-port ProCurve Switch 
2824 for three months, moving 
it to different network loca- 
tions to test it. Lee said he has 
ordered 20 more switches 
from HP because the demon- 
stration device has proved to 
be effective. 

For instance, Lee has used 
the switch to triple the speed 
of backing up data from Media 
General’s 260 servers, which 
include IBM AS/400s plus 
computers running Windows, 
Unix and other operating sys- 
tems. Many of the servers 
have built-in Gigabit Ethernet 
connections, “so it’s advanta- 





geous for us to have the speed 
in the switch,” Lee said. 

He added that Media Gener 
al, a newspaper, TV and Inter- 
net company with 1,600 em- 
ployees at its corporate offices, 
has found HP’s switches to be 
reliable in the past, with up- 
front prices that were less than 
half the cost of comparable 
Cisco Systems Inc. switches. 

Chad Williams, director of 
public-sector sales at Matrix 
Integration, a Jasper, Ind.- 
based company that resells 
and installs Cisco and HP 
products, said he generally 
can offer HP switches at half 
the price per port that Cisco 
charges. In addition, HP does- 
n’t have an annual mainte- 
nance fee, while Cisco charges 
users about 25% of the upfront 
purchase price of a switch per 
year, Williams said. 

HP’s announcements will 
help round out its line of 
switches, which have been 
known more for data center 
switching than for WAN use, 
said Zeus Kerravala, an analyst 





HP’S NEW PRODUCTS 


= PROCURVE SWITCH 2824: 
Supports 20 Gigabit Ethernet 
ports and four ports for either 
Gigabit Ethernet or mini-GBIC 
(Gigabit Interface Converter) 
connections. 

Starts at $2,499. 


Se eeeererereseeseeeessseees 


= PROCURVE SWITCH 2848: 
Supports 44 Gigabit Ethernet 
ports and four dual-mode ports. 
Starts at $4,899. 


Cree ereseereeeseessseses 


= PROCURVE WIRELESS 
ACCESS POINT 420 NA: 
Includes two removable antennas 
and Power over Ethernet connec- 
tions. Starts at $469. 


Pee eeeereseseseceseseseses 


= PROCURVE MANAGER 
PLUS: Network management 
software that supports both 
wired and wireless networks. 
Starts at $1,999. 

at The Yankee Group in 
Boston. 

HP ranks third in total Eth- 
ernet switch revenue in North 
America, trailing Cisco and 
Marlboro, Mass.-based 3Com 
Corp., Kerravala said. @ 41813 
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ClOs Holding on to Their Jobs Longer 


Weak economy, push for stability reduce turnover for execs 





BY THOMAS HOFFMAN 
As companies finalize their IT 
budgets for next year, some 
CIOs are finding themselves 
eyeing their calendars for an 
altogether different reason: to 
mark the increasing amount of 
time they’re spending at their 
current jobs. 

Consulting firm Meta 
Group Inc. said its research 
shows that CIOs currently are 
staying in their jobs for an av- 
erage of 3.5 years. Although 
survey data measuring how 
job tenures have changed in 
recent years isn’t readily avail- 
able, seven CIOs and several 
technology analysts last week 
said anecdotal evidence indi- 
cates that longevity rates are 
on the upswing in corporate 
IT departments. 

There are several factors 
contributing to the higher CIO 
retention rates, they noted. 
For starters, many corporate 
CEOs have tried to maintain 
stable management teams be- 
cause of the weak economy, in 
part to reassure skittish in- 
vestors. The economic prob- 
lems have also reduced the 
amount of job-hopping by IT 
executives. 

There’s less churn among 
CIOs in corporate America 
now than there was during the 
dot-com boom, when all types 
of IT professionals moved 
from job to job, said Damien 
Bean, vice president of corpo- 
rate systems at Hilton Hotels 
Corp. in Beverly Hills, Calif. 
“CIOs that have done an effec- 
tive job of aligning technology 
with business requirements 
seem to be hanging around 
longer to see through on those 
efforts,” Bean added. 


Tech-Savvy CEOs 

In addition, the CIOs said 
CEOs and chief financial offi- 
cers have become more tech- 
savvy and increasingly recog- 
nize the importance of giving 
IT leaders enough time to fol- 
low through on the technolo- 
gy strategies they have imple- 
mented to support long-term 


| 


| gy,” said Heath Daughtrey, 





business objectives. Corporate 
executives “have realizedthe | 
strategic nature of technolo- 


vice president of IT services 
at Harrah’s Entertainment Inc. 
in Las Vegas. 

“Part of it is that there aren’t 
a lot of [job] opportunities in 
the market right now,” said 
Mike Lecours, information 
systems manager at The Gund 
Co., a St. Louis-based maker of 
electrical products. “But man- 
agement is also recognizing 
that stability is needed to help 
IT leaders execute on the 
businesses’ strategies.” 





Tim Monteith, who has 
been CIO at Domino’s Pizza 


| LLC in Ann Arbor, Mich., for 
| nearly three years, said the 
| restaurant chain’s CEO “has 


formed a team that has been 


| trying to drive the company in 


many new directions, and that 
doesn’t happen if you keep 
flipping leadership all the 


| time.” 


| Less Volatility 


Furthermore, industry-specif- 


| ic factors may be contributing 


to lengthier CIO tenures. For 
example, among manufactur- 
ers, “a lot of ERP implementa- 


SCO Threatens to Revoke 
SGI's Unix License Rights 


Users say they | 
don't see a reason | 
to be concerned 

BY ROBERT MCMILLAN 

Add Silicon Graphics Inc. to 
the list of technology compa- 
nies that have been dragged 
into The SCO Group Inc.’s 
Unix copyright infringement 
dispute. 

In an Aug. 13 letter ad- 
dressed to SGI's legal depart- 
ment and released to the me- 
dia last week, SCO CEO Darl 
McBride claimed that SGI’s 
contributions to Linux put it 
in breach of its 1986 Unix li- 
censing agreement, originally 
signed with AT&T Corp. but 
subsequently transferred to 
SCO. 

According to McBride’s let- 
ter, “SGI flagrantly permitted 
the copying and use of our 
proprietary information with- 
out any knowledge of the 
identities of the recipients” 
and “subjected our source 
code to unrestricted disclo- 
sure, unauthorized transfer 
and disposition, and unautho- 
rized use and copying.” 

The letter threatens to ter- 





spokeswoman 


| “Our license is ful- 


minate SGI’s Unix license as 


| of Oct. 14 should SGI fail to 


“remedy all violations.” 
Terminating SGI’s Unix li- 
cense would affect SGI’s Irix 


| Operating system, which uses 
| SCO’s System V Unix code, 
| according to SCO spokesman 


Blake Stowell. “It would mean 
that they would have to either 
stop shipping it, or either de- 
stroy or return all copies of 
Irix to SCO,” Stowell said. 


Meritiess Allegations 
Mountain View, Calif.-based 
SGI responded to SCO’s letter 
in early September with a let- 
ter claiming that SCO’s allega- 


tions were without _ = 


merit, said SGI 
Marty Coleman. 


ly paid and nonter- 
minable. They 
can’t terminate it,” 
she said. “We don’t 
believe that their 
allegation of 
breach of contract 
has any merit.” 
SGI appears set 
to follow in the 
footsteps of IBM, 
which in June had 


| tions weren’t successful, and 
| the CIOs got fired for that 


kind of thing,” noted Paul 
Klein, CIO at Rich Products 


| Corp., a Buffalo-based maker 
| of frozen foods. But now that 


| 
| 
| 





We try 
to stay 
out of these 
external activi- 
ties. These 
things don’t 
really come 
into our realm. 
THOMAS ZACHARIA, 
ASSOCIATE LAB DIRECTOR, 


OAK RIDGE NATIONAL 
LABORATORY 


| many companies have com- 


f that have 
Male done anetfec- 
tive job of align- 
ing technology with busi- 
ness requirements seem to 
be hanging around longer. 


DAMIEN BEAN, Vice president of 
corporate systems, Hilton Hotels Corp. 


its license to distribute its AIX | 


operating system revoked by 
SCO following similar allega- 
tions. IBM continues to dis- 
tribute AIX, and the question 
of whether it breached its Sys- 
tem V Unix agreement is now 
the subject of a $3 billion law- 
suit. 

Prior to revoking IBM’s 
Unix license, SCO sued the 
company for breach of con- 
tract. Stowell declined to say 
whether or not Lindon, Utah- 
based SCO was planning simi- 
lar legal action against SGI. 

Two users of SGI hardware 
in the scientific community 
said they have no concerns 


about the escalating legal fight | 


between SGI and SCO. 
Thomas Quinn, a professor 
of astronomy at the University 
of Washington in Seattle, said 
the SCO case 
against IBM has 
been in his mind 
for months be- 
cause he has other 
machines running 
Linux in his lab. 
But he said action 
by SCO against 
SGI won't affect 
the use of his two 
SGI Altix 3000 sys- 
tems. “I’m assum- 
ing that SGI is just 
going to continue 
to support my ma- 
chines,” he said. “I 





pleted such projects, “there is- 

n't as much volatility,” he said. 
For their own part, many 

ClOs have developed a better 


| understanding of how to runa 


business, said Steve Scott, vice 
president of IT at Vision Ser- 
vice Plan, an eye care benefits 


| provider in Rancho Cordova, 
Calif. Scott, who will have 


been in his position for three 
years in January, said he hopes 


| to “drive that [figure] up.” 


Howard Rubin, executive 


| vice president at Meta Group 
| in Stamford, Conn., said he 


sees a different set of dynam- 
ics at play. CIOs who have met 


| the cost-cutting pressures im- 
| posed by senior management 


over the past two years “have 


| either been retained or pro- 
| moted,” he said. “Those that 
| didn’t got the boot.” @ 41841 


don’t have too much reason to 
be concerned. 

“At the moment, just from 
what I read [about the SCO 
lawsuit against IBM]... as far 
as I can tell, the SCO case is 
essentially baseless,” Quinn 
said. “I’m going with the as- 
sumption that this case is real- 
ly not going to come through, 
and even if it does, it’s going 
to take such a long time, it’s 
beyond my horizon.” 

Thomas Zacharia, an associ- 
ate lab director at the U.S. 
Department of Energy’s Oak 
Ridge National Laboratory in 
Oak Ridge, Tenn., agreed. 

“These kinds of things al- 
ways happen in industry,” as 
companies have disagree- 
ments and battle issues out in 
the courts, Zacharia said. “We 
try to stay out of these exter- 
nal activities. These things 
don’t really come into our 
realm.” The lab uses an SGI 
Altix 3000 supercomputer 
with 256 Intel Corp. Itanium 2 
processors. @ 41840 
McMillan writes for the IDG 
News Service. Todd R. Weiss 
contributed to this report. 


FULL COVERAGE 


To access all Computerworld stories 
relating to the SCO/Linux dispute, 


| visit our Web site: 


QuickLink a3260 
www.computerworld.com 





8 COMPUTERWORLD October 6, 2003 


BRIEFS 


Sun Predicts Big 
Loss, Revises Q4 


Sun Microsystems Inc. said it will 
report a first-quarter loss that’s 
larger than Wall Street analysts 
had forecast as a result of “in- 
tense” competition. The loss will 
trigger a $1.05 billion tax charge, 
which Sun is applying to the re- 
sults for the fourth quarter of its 
latest fiscal year, leaving it with a 
loss of $1.04 billion for that peri- 
od. Sun said the loss in its first 
quarter, which ended Sept. 28, 
could reach $325 million. 


Best Buy, EDS Sign 
Help Desk Contract 


Electronics retailer Best Buy Co. 
said it has signed a five-year con- 
tract to outsource help desk and 
IT problem management opera- 
tions for its stores and corporate 
offices to Electronic Data Sys- 
tems Corp. in Plano, Texas. The 
value of the deal wasn’t disclosed. 
EDS said it will initially provide 
help desk services to Minneapo- 
lis-based Best Buy from a facility 
in Winnipeg, Manitoba. 


Verizon Offers to 
Buy Out Managers 


New York-based Verizon Commu- 
nications said it’s offering a vol- 
untary buyout deal to virtually all 
of its 74,000 management work- 
ers, including 9,300 people in IT. 
A Verizon spokeswoman predict- 
ed that several thousand employ- 
ees will accept the offer, which 
was announced one week after 
the company lowered its financial 
results forecast. 


Short Takes 


IBM said it has signed a 10-year, 
$2.56 billion outsourcing deal 
with NORDEA AB, a Stockholm- 
based bank. About 900 of 
Nordea’s 2,900 IT workers will 
be shifted to an IBM-run joint 
venture. . . . AGILE SOFTWARE 
CORP. has bought TRADEC INC., 
a maker of manufacturing cost 
management tools. Both compa- 
nies are based in San Jose. 


NEWS 


MARK HALL #®ON THE MARK 
Keeping Users Offline 
Is the Way to Secure... 


... your network, jokes Stacey Lum of InfoExpress Inc. in Mountain 
View, Calif. While noting the impracticality of the idea, the CEO of the 
10-year-old boutique security vendor does get his hackles up because 
companies seldom enforce the few security policies for which end 
users are responsible, such as having remote workers install patches 
and upgrades to their laptops. “Where’s the enforcement?” he won- 
ders. “Good workers don’t get fired for not being in compliance with corpo- 
rate security policies.” He says “nagware,” those pesky automated mes- 


sages that urge users to update their soft- 
ware, doesn’t work. That means it falls to 
IT departments to stop end users from 
contaminating their comrades with 
viruses and worms. One way to do that is 
to install technology that can evaluate 
the compliance of a remote device before 
permitting it on the network. Another 
way is to very publicly terminate the next fool 
who repeatedly lobs the inevitable 
Blaster equivalent into your environ- 
ment. More fun, too. ® Less work for you 
is possible in the struggle 

to secure your network while 

still keeping your job. Auto- 


| tive download options. A best practice, 
suggests CEO Walter Elliott, is to use 
ManageSoft to establish a subset of ma- 
chines to run the patch before it’s de- 
ployed broadly. Also beginning today, the 
company’s ManageSoft suite can deploy 
and update software on Linux systems. Ex- 
pect to see versions for Sun’s Solaris, 
IBM’s AIX and HP-UX before New Year’s 
Eve. ® Let’s say you're thinking about se- 
| curity compliance, and your business is 
| in an industry with strict privacy regula- 
tions, such as the med- 
ical and financial sec- 
tors. You may be respon- 





mated patch management 
can be the ticket. One 
vendor’s offering is get- 
ting a face-lift today. 
Boston-based Manage- 
Soft Corp. is releasing 
Security Patch Manage- 
ment Version 6.6 with im- 
proved reporting, policy- 
based “push” updating 
and continuous monitor- 
ing of the Microsoft secu- 
rity patch site, with selec- 


Next week, Commerce One 

em SRM tnm eee 
its process automation appli- 
cation for procurement man- 
agement. The upgrade now 
has more than 70 standard 
TES ieee eT CMT (ALEC 


Nee UR Crk eee 


Ithas also more than doubled 
to 200 the number of adapt- 
ers for vertical market 
applications. 


sible for securing e-mail 
between doctors and 
their patients, or finan- 
cial advisers and their 
clients — even if the latter 
users don’t have secure sys- 
tems. According to Terry 
Olkin, chief technology 
officer at Secure Data 

in Motion Inc. (better 
known as Sigaba), a strict 
reading of the rules 
means that if a doctor 


www.computerworld.com 


| responds to a query from a patient via e- 
mail and the patient replies, that patient’s 
message now has to meet HIPAA privacy 
standards. With the San Mateo, Calif., 
vendor’s release tomorrow of Version 4.0 
of its Sigaba Secure E-mail software, both 
parties can be encrypted through the 
product’s Send Anywhere feature. The 
upgrade also includes federated authentica- 
tion, so single sign-on is possible for users 
within trusted organizations. Prices start 
at around $50,000. ® Not all network 
problems are security-related. Some- 
times your applications are acting flaky. 
But how do you really know? Perhaps if 
you used today’s release of ClearSight 
Analyzer 3.0, you could see what was going 
on - literally. Like a complete video ex- 
change of a video/voice-over-IP conversa- 
tion. If the users experience jitter, so 
does the network analyst. No more need 
to delve into arcane packet analysis. Of 
course, the product lets you easily get to 
the packet details, but you probably 
won't need to, since the problems are much 
| more obvious to behold. And it’s not just 
VoIP. The behavior of applications such 
as Domain Name System operations, Or- 
acle databases, Web servers and much 
more can be observed. San Mateo-based 
ClearSight Networks Inc.’s software sells 
for $7,995. Bargain shoppers can get it for 
$5,995 through December. If you wait a 
month, you can buy a version that moni- 
tors full-duplex 10/100 Ethernets and one 
that oversees Gigabit Ethernet. By the 
end of the quarter, there will be a version 
for monitoring remote sites. ® Take note: 
Two key vendor barometers in the shift 
away from licensed software hit mile- 
stones in September. Application service 
provider Surebridge Inc. passed the $100 
million mark in booked business, and on- 
line-only CRM supplier Salesforce.com 
signed up its 100,000th user. Many small- 
er ASPs are also thriving. Maybe the dot 
didn’t bomb after all. €2 41820 








Marimba Upgrades Tool to Track App Use 


BY MATT HAMBLEN 
Marimba Inc. today will an- 
nounce an upgraded applica- 
tion-tracking tool that can 
measure how often end users 
run the programs installed on 
their systems. Like similar 
products from rival vendors, 
the beefed-up tool is designed 
to help IT managers reduce 
corporate licensing costs. 

The Software Usage Solution 
6.0 release will extend the tool’s 
capabilities for tracking appli- 
cation inventories to include 
the automated collection of 





usage details, such as the 
last time an application was 
opened and how frequently it 
is used, said Kelly Wagman, a 
senior product marketing man- 
ager at Marimba in Mountain 
View, Calif. IT managers can 
use the data to decide whether 
to buy more software licenses, 
harvest unused applications 
for other end users or cancel 
unneeded licenses, she said. 
Scotia Miller, regional man- 
ager of desktop architecture at 
Barclays Global Investors in 
San Francisco, said the invest- 





ment management firm urged 
Marimba to develop the abili- 
ty to track application use af- 
ter using the vendor’s soft- 
ware distribution tools. 

Miller has been using a pre- 
release version of the product 
for about six months to track 
the use of 40 applications. She 
said Marimba’s software de- 
tected about 1,100 unused li- 
censes in a three-month peri- 
od. About half of the end users 
who weren't using programs 
said they didn’t need them. 

“The cost of software is the 





driver behind this initiative,” 
Miller said. “With license 
monitoring on the increase by 
outside groups, our CIO also 
doesn’t want to pay the fines 
for unauthorized use.” 
Barclays has configured the 
tool to detect applications that 
haven’t been used for 35 days 
and to automatically send 
e-mail messages to end users 
asking if they want to give up 
their licenses. The 35-day limit 
was chosen to give workers on 
long vacations or business 
trips a reasonable amount of 
time in which to use applica- 
tions, Miller said. @ 41825 
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Iron Mountain Service Assesses 
E-mail Retention Policies, Systems 


‘Targets financial 
firms facing need 
to meet SEC rules 


BY LUCAS MEARIAN 
RON MOUNTAIN INC. last 
week announced a con- 
sulting service aimed at 
helping financial services 

firms comply with increasing 

pressure from regulatory agen- 
cies to store internal and exter- 
nal electronic correspondence. 

Boston-based Iron Moun- 
tain said its Records Manage- 
ment Program Gap Analysis 
service can gauge a company’s 
retention approaches and rec- 
ommend changes, including 
the addition of e-mail archiv- 
ing and search capabilities 
that can be outsourced or de- 
veloped in-house. 

David Young, director of 
business systems at the Com- 
mon Fund for Nonprofit Orga- 
nizations, a broker/dealer in 
Wilton, Conn., uses a message 
archiving and search service 
for Microsoft Exchange sys- 
tems that Iron Mountain an- 
nounced in January. Young 
said he signed up for the ser- 
vice because of regulatory 
pressures and an increased 
threat of litigation. 


Following the Rules 

The U.S. Securities and Ex- 
change Commission requires 
financial services firms to 
store all e-mail traffic in its 
original form for at least three 
years and to make those com- 
munications “accessible” for 
the first two years. The Na- 
tional Association of Securi- 
ties Dealers Inc. also has rules 


See ereeeseeesessesseseseseseses 


Correction 

In our Sept. 29 Field Report titled 
“Growing Into a Data Center,” the 
name of the CEO of Occupational 
Health + Rehabilitation Inc. was 
misspelled. His name is John 
Garbarino. 





that require brokerages to 


| monitor and store communi- 


cations with their clients. 
Young said that trying to 
comply with the message re- 
tention rules on your own can 
become “an administrative 
nightmare” for IT managers. 
“You've got boxes [of paper 


| documents] to deal with, opti- 


cal storage to deal with, you 
need additional IT support for 


| disaster recovery, and you need 
| to make sure your servers are 
| up and on the network,” he said. 


Brian Babineau, an analyst at 
Enterprise Storage Group Inc. 
in Milford, Mass., said a cot- 
tage industry has grown up 
around regulatory compliance 


| within the financial services 


market. But he cautioned that 





| outsourcing isn’t always the | 


right answer, although it’s of- 
ten the smart one for small to 
midsize businesses. 

Babineau said CIOs and cor- 


e-mail created two years ago 
when you brought [the new 
company] on board,” he said. 
Iron Mountain’s e-mail 
archiving service uses EMC 


porate attorneys need to work | Corp.’s Centera disk arrays 
together to fully and mailbox man- 


understand the 
message-retention 
rules and then de- 
termine whether 
their companies 
face compliance 
risks. He added ari 
that even large Wall Street 
brokerages with sufficient IT 
resources have to be careful to 
ensure that acquired compa- 
nies are compliant. | 
“Tt’s not the e-mails created 
two months ago you have to | 
| 


| worry about as much as the 


FINANCIAL FOCUS 


For more coverage of IT 
issues affecting the financial 
services industry, go to 


@ QuickLink a3670 
www.computerworld.com 


agement, regulato- 
ry compliance and 
content searching 
software from Ar- 
lington, Texas- 
based KVS Inc. But 
Iron Mountain offi- 
cials said IT managers can use 
the gap analysis offering sepa- 
rately to help prepare for the 
development or upgrade of in- 
house archives. 

Charles Bennett, director 
of compliance at Hornor, 
Townsend and Kent Inc., the 


EMC Releases NAS Devices 


BY LUCAS MEARIAN 
EMC Corp. announced last 
week a pair of network- 


| attached storage (NAS) devices 
| that connect to its midrange 


Clariion disk arrays for inte- 
gration with systems on stor- 


| age-area networks (SAN). 


The Hopkinton, Mass.- 
based company also intro- 
duced an entry-level version 


| of its Celerra NSGOO NAS file 


server with a built-in Clariion 


array. In addition, EMC said 


all of its NAS products now 
can support a mix of low-cost 
ATA and high-end Fibre Chan- 
nel disk drives. The rollout 


} continues EMC’s strategy of 


targeting the midrange market 
with hardware that supports 
high-end functionality, such as 
support for making point-in- 
time copies of data. 

EMC said the new NS600S 





| Gateway products support integration 
of network-attached storage, SANs 


file server includes a single 
data engine and starts at 
$114,000 for a model with ITB 
of storage capacity. In compar- 
ison, it charges $167,000 for a 
1TB version of the original 
NS600 system, which includes 
two engines. Meanwhile, the 
NS6OOGS and NS600G NAS- 
to-SAN gateway devices both 
have starting prices of less 
than $100,000 (see box). 

Dave Johnson, director of IT 
at Chicago-based accounting 
and auditing firm Grant 
Thornton Inc., said EMC ap- 
pears to be trying to fill out its 
midrange product line. 

But Johnson added that he 
isn’t interested in using his 
five Clariion arrays, which are 
installed at four regional of- 
fices and Grant Thornton’s 
corporate data center, to sup- 





port file server functions. He 


Tied to Its Midrange Arrays 


said it’s far cheaper to use a 
clustered pair of Hewlett- 
Packard Co. ProLiant DL580 


~ | servers at each of the firm’s 51] 


branch offices nationwide to 
handle network authentication 
functions as well as file and 
print services. 

Steve Kenniston, an analyst 


at Enterprise Storage Group 


Inc. in Milford, Mass., said 
EMC’s new gateway devices 


EMC’s New 
NAS Devices 


w NS6OOGS: Single-engine 
gateway device that uses external 
Clariion disk arrays to store data. 
Starts at $63,000. 


w NS600G: Dual-engine version 
of the gateway product. Starts 
at $97,000. 


w NS6O0S: Entry-level file serv- 
er with one data mover and a 
built-in array. Starts at $114,000 in 
a1TB configuration. 
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broker/dealer division of Penn 
Mutual Life Insurance Co. in 
Horsham, Pa., said the compa- 
ny’s 16,000 sales representa- 
tives can generate as many as 
12,000 e-mail messages a day. 
Bennett added that he plans to 
begin using Iron Mountain’s 
Web-based archiving service 


this month. @ 41816 


are an attempt to gain a foot- 
hold against more established 
NAS vendors, such as HP and 
Network Appliance Inc. EMC 
is “rounding out the whole 
message in the midtier range,” 
Kenniston said. 

EMC said the new support 
for ATA disk drives will let 
Celerra users rely on the low- 
er-cost devices for data back- 
up purposes while still using 
Fibre Channel disks for prima- 
ry data storage. 

In addition, EMC released a 
low-end NAS device that 
matches its Clariion CX200 
disk array with Microsoft 
Corp.’s Windows Powered 
NAS software. The NetWin 
200 product, which was an- 
nounced in May [QuickLink 
38213], can scale from 500GB 
to 4.4TB in storage capacity 
and starts at $32,000. 

The NetWin 200 is the 
first EMC product that uses 
Microsoft’s NAS software, and 
it’s designed to help IT man- 
agers consolidate data backups 
of low-end Windows servers. 
“Customers, especially Dell 
clients who’ve been waiting to 
do data management better, 
have been looking forward to 
this,” Kenniston said. @ 41821 
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IBM Acquires App 
Porting Business 


IBM said it has acquired an appli- 
cation porting services business 
focused on its Linux and Unix 
servers from Austin-based Sec- 
tor7 USA Inc. for an undisclosed 
price. The deal included most of 
Sector7’s assets and the intellec- 
tual property for its tools, which 
support the migration of applica- 
tions to IBM’s servers. IBM also 
said it will hire Sector7 employ- 
ees to work in its IT services unit. 


Microsoft Agrees 
To Settle Lawsuit 


Microsoft Corp. said it has agreed 
to pay a total of about $10.5 mil- 
lion to settle a class-action anti- 
trust lawsuit involving users that 
bought Windows directly from the 
company. The settlement deal 
needs to be approved by a U.S. 
District Court judge in Baltimore 
before it becomes effective. The 
plaintiffs had sought to include a 
much larger group of users in the 
suit, but court rulings narrowed 
the scope of the case. 


Nortel, Solectron 
Alter Product Deal 


Nortel Networks Ltd. and Solec- 
tron Corp. said they have revised 
a 3-year-old contract under 
which Milpitas, Calif.-based 
Solectron manufactures products 
for Brampton, Ontario-based Nor- 
tel. The deal, which was due to 
expire next year, was extended to 
2009. But the companies sharply 
reduced its projected value to 
$7.5 billion. The initial contract 
was for $10.4 billion. 


Short Takes 


CASSATT CORP., a Menlo Park, 
Calif.-based start-up headed by 
former BEA Systems Inc. CEO Bill 
Coleman, plans to offer a set of 
autonomic computing tools. . . . 
THE OPENSSL PROJECT said it 
has patched three security holes 
in its open-source version of the 
Secure Sockets Layer protocol. 
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Laws, Concern for Corporate 


Failure to keep data private could put 


BY JAIKUMAR VIJAYAN 
| COLUMBUS, OHIO 


EGULATORY require- 
ments and the need 

to protect corporate 
reputations are mak- 


| ing it crucial for companies to 
| implement comprehensive 
| data privacy programs, said 


users at the PrivacyCon 2003 
conference here last week. 

A failure to do so will even- 
tually expose them to legal 


| risks, hinder their ability to do 
| business in certain parts of the 


world and jeopardize trusted 
relationships with customers, 
they added. 


“Privacy laws are having a 


| huge impact” on companies, 
| said Jay Cline, privacy manager 


at Carlson Companies Inc., a 


| Minneapolis-based group of 


businesses in the travel, hospi- 


| tality and marketing industries. 


Carlson, which until late 
2000 had no formal privacy 


| program, is rolling out a global 


effort aimed at getting its busi- 


| ness units to comply with a 
| patchwork of state, federal and 


international requirements, 
Cline said. 


| A Corporate Value 


| Companies will need to “ad- 


vance privacy as a corporate 
value,” said Kevin Lyles, a 


| Columbus-based attorney at 


international law firm Jones 
Day LLC. “If you don’t have a 


| privacy program, you have le- 


gal exposure. Fines and penal- 


| ties are going to be much 
| higher” for noncompliance, he 


said. A company’s perceived 
stance toward privacy will 
also have an impact on share- 
holder value, he added. 

A recent controversy in- 


| volving JetBlue Airways 


Corp.'s release of passenger 
information to a private con- 
tractor is an example of the 
kind of reputation damage 





| companies in jeopardy on several fronts 


companies risk from privacy- 
related failures, said Peter 
Cullen, chief privacy strategist 
at Microsoft Corp. 

The incident involved Jet- 
Blue providing passenger in- 
formation to a Department of 
Defense contractor, which 
used the data for a project re- 
lated to military-base security. 

“JetBlue is a company that 
probably wishes it had done 


| things differently,” Cullen said 


during a keynote address. 

A JetBlue spokesman of- 
fered no comment, saying that 
it was still too soon after the 
incident to be able to say what 
lessons have been learned 


| from the episode. 


Establishing a privacy pro- 


| gram is more complex than 
| just meeting regulatory re- 


quirements, said Keith Herath, 
chief privacy officer at Nation- 
wide Mutual Insurance Co. in 
Columbus. “Legal require- 


| ments are only the minimum. 


Most laws are a compromise 
to the lowest common denom- 
inator,” Herath said. 





Privacy Guidelines 


Key concepts behind 
building a gichal privacy 
program include the following: 


Focus on business drivers 
rather than regulatory drivers. 

= Establish good faith efforts 
and documentation for demon- 
@ Integrate the privacy pro- 
and reporting structure. 


Sometimes companies have 
to accommodate higher stan- 
dards to ensure that a consis- 
tent policy is applied to all 
customers, users said. 

For instance, prior to the 
Gramm-Leach-Bliley Act, Na- 
tionwide had to comply with a 
law in 15 states that required it 
to provide to customers cer- 
tain rights of access to person- 
al data — and the means to 
correct any inaccurate data. 
Though the act doesn’t re- 
quire Nationwide to take the 
same measures in the other 35 
states, the insurer has begun 
doing so anyway, Herath said. 





Image Make Privacy a Priority 


“We felt that it made no sense 
to offer it in 15 states and 
nowhere else,” he said. 

But implementing a consis- 
tent global privacy program 
can be a huge challenge, said 
Scott Shipman, chief privacy 
officer at eBay Inc. 

As a company with opera- 
tions in several countries, 
San Jose-based eBay is forced 
to deal with various cross- 
border data transfer and re- 
tention requirements, con- 
sumer consent models, re- 
porting requirements and en- 
forcement issues. 

New state-level privacy reg- 
ulations such as those being 
proposed in California [Quick- 


| Link 41325] add to the prob- 


lem, Shipman said. 
But multinational compa- 
nies are going to have few op- 


| tions but to comply, Lyles said. 


“The data protection direc- 
tives in Europe are forcing 
companies to take privacy 
seriously,” Lyles said. The real 
concern today for a lot of 
companies is that enforcement 
of European laws could well 
force them to stop the flow of 
data to and from that region, 


he added. @ 41835 


Microsoft Exec Says Privacy a Top Concern at Company 


COLUMBUS, OHIO 

Microsoft Corp. is determined to 
incorporate better privacy safe- 
guards into its products and 
practices, according to its chief 
privacy strategist, Peter Cullen. 

Addressing a group of privacy 
professionals at the PrivacyCon 
2003 conference here last 
week, Cullen said Microsoft is 
focused on giving users more 
choice and control over the 
manner in which information is 
collected and used. 

To that end, Microsoft has im- 
plemented a privacy program to 
create a high level of awareness 
relating to privacy issues in the 


product design stage. The Mi- 
crosoft Windows group alone 
has 125 employees with privacy- 
related responsibilities and five 
privacy managers focused on 
ensuring that each of the com- 
ponents that goes into the Win- 
dows operating system has been 
“thought through from a privacy 
perspective,” he said. This in- 
cludes looking at how each 
component collects, stores and 
uses data, he said. 

The company is also focused 
on giving users more choices 
and control over their informa- 
tion, he said. As an example, he 
cited the user consent that’s re- 


quired to send error reports to 
Microsoft via the Internet when 
an application crashes. 
Microsoft is also working 

on anew security technology 
called the Next-Generation Se- 
cure Computing Base that will 
allow users to secure confiden- 
tial data within a “virtual vault” 
ina PC. The technology will al- 
low users to store confidential 
information in a separate loca- 
tion on a PC and control appli- 
cation access to that data. It will 
also allow users to control who 
can see that data during data 
transmission. 

- Jaikumar Vijayan 
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Continued from page 1 
WLAN Threat 


was unaware of the Aug. 7 
warning until he was contact- 
ed by Computerworld. 

Sharp has a network of 8,000 
computers spread across seven 
hospitals, six urgent-care cen- 
ters and three affiliated med- 
ical groups. It uses both wired 
and wireless Cisco equipment, 
including about 200 WLAN 
access points. Wiesenberg 
said Sharp has always viewed 
LEAP as a transitional proto- 
col for use until the 802.1li 
wireless security standard is 
finalized. Now he plans to ex- 
plore alternatives to LEAP. 

Mike Martell, systems man- 
ager at The Dingley Press, a 
Lisbon, Maine-based catalog 
printer that uses a Cisco 
WLAN in its warehouse, also 
said he didn’t know about the 
potential problem with LEAP 
until last week. But Martell, 
whose company is featured in 
a customer profile on Cisco’s 
Web site, said he wasn’t sur- 
prised to hear that the security 
technology could be overcome 
by a dictionary attack. 


Massive Assaults 


Such attacks assault password 


protection schemes by feeding | 


huge amounts of words and 
numbers into a targeted sys- 
tem. Thanks to increases in 
processing power, some dic- 
tionary attacks can crack pass- 
words in a matter of minutes, 
Martell said. He said users 
should use long passwords 
with odd combinations of let- 
ters and numbers. 

Cisco made similar recom- 
mendations in the Aug. 7 warn- 
ing, saying that IT managers 
can reduce the impact of dic- 
tionary attacks by mandating 
the use of “strong passwords” 
and ones that become invalid 
after a specified time period. 

Ron Seide, product line 
manager at Cisco’s wireless 
business unit, last week said 
his company believes LEAP is 
“relatively” secure if users fol- 
low good password manage- 
ment approaches. He added 
that Cisco also offers an up- 
grade path to help customers 
migrate from LEAP to its 


| stronger Protected Extensible 
Authentication Protocol, 
which uses one-time pass- 
words and digital certificates. 
Seide said the second notice 
about the dictionary attack 
threat will have “more visibil- 
ity” than the initial one did. 
Cisco will act “with all due 
haste” to notify users when it 
learns of specific plans to re- 
lease the attack tool, he said. 
He added that the company 
will use multiple methods of 


Continued from page 1 


Pentagon 


cations thus far by an order of 
magnitude, said Bruce Triner, 
director of defense special 
programs at the Pleasanton, 
Calif.-based vendor. It’s also 
expected to be the first rollout 
by any user of the PeopleSoft 
8.8 global payroll module, ac- 
cording to Carpenter. 

But progress has been slow, 
even though the DOD’s plan 
from the start was to configure 
the system so it would be in 
line with private-sector HR 
procedures and require a mini- 
| mal amount of software cus- 
| tomization. “We'd rather not 
reinvent the wheel and rewrite 
code,” Carpenter said. “We're 
looking for PeopleSoft to be 
installed as much out of the 
box as possible.” 

PeopleSoft’s applications 
were picked over rival prod- 
ucts because IT officials at the 
Pentagon felt they would most 
closely support its needs, she 
added. But after the selection 
was made, the DOD did what 
it described as an “extensive 
fit-gap analysis” to further in- 
vestigate how well the soft- 
ware met its requirements. 

The DOD had planned to 


The Defense De- 
partment buys an 
enterprisewide li- 
cense for People- 
Soft HR applica- 
tions for $48M. 


RFPs for the 
software imple- 
mentation are 
issued to con- 
sulting and sys- 
tems integra- 
tion firms. 





The DOD gives 
five companies up 
to $1M contracts 
to submit updated 
implementation 
proposals. 


communicating that to users, 
but he didn’t provide details. 
Cisco e-mails security alerts 


| to its sales force as well as to 


its distributors and resellers, 
according to Seide. But he said 
that unlike Microsoft Corp., 


| which lets its users sign up to 


get e-mail messages contain- 


| ing security-related informa- 
| tion, Cisco has no easy way to 
| capture the e-mail addresses 

| of customers. 


The threat facing LEAP- 


have part of the system in 
place by last fall, but Carpen- 


| ter said the process of review- 


ing the prime contractor bids 
submitted by Northrop Grum- 


| man and other systems inte- 


grators took longer than ex- 


| pected because of the detailed 
nature of their proposals. 
“TI don’t think anybody could | 


have predicted the length of 


| the [prime contractor] acqui- 

| sition period,” said Jon Jensen, 
| a Northrop Grumman execu- 

| tive who led the Los Angeles- 
| based company’s effort to win 
| the contract. “It was probably 
| a disappointment for a lot of 

| folks in terms of time frame. 
| Jensen works at Northrop 


Grumman Information Tech- 
nology, the Herndon, Va.- 
based operation that will man- 


| age the DIMHRS project. 


Breaking It Down 


| Carpenter said that because 
| of the project’s uniqueness 
and complexity, military offi- 


cials made the decision to 


| separate development into 


two phases, the first of which 


| involved the five systems inte- | 


grators that were competing 
for the prime contractor’s job. 
In September 2002, the Penta- 
gon gave the companies small 
contracts to develop docu- 


acl ea Cree 


eel We saree ea els 


Northrop Grumman 
is awarded a $281M 
contract to manage 
development of the 
system. 


based systems was put under 
a spotlight last week after 
Joshua Wright, a systems engi- 
neer at Johnson & Wales Uni- 
versity in Providence, R.L., 


| demonstrated a dictionary at- 


tack against the Cisco technol- 
ogy at a conference in New 
York sponsored by Light 
Reading Inc. Wright couldn’t 
be reached for comment. But 
according to sources who 
were in the audience, Wright 
said he planned to make the 


mentation and recommended 


| system specifications. 


The companies in Decem- 


| ber submitted implementation 
| plans that weighed a com- 
| bined total of 4,800 pounds, 


Carpenter said. Last week’s 


| choice of Northrop Grumman 
| to manage the rollout signals 


the actual start of work on the 
system, which marks the be- 
| ginning of Phase 2. 
But Northrop Grumman 
still needs to finalize the tech- 
| nical design and a detailed 
| rollout schedule, both of 
which are due within the next 
six months. The DOD hopes 
| to get the U.S. Army online 
| with DIMHRS by November 
2005 and then add the other 
| military branches over the fol- 
| lowing 24 months. 
“Tt’s not rocket science, but 
| it’s not as easy as it looks at 
| first blush,” Carpenter said. 
Ray Bjorklund, an analyst 
| at consulting firm Federal 
| Sources Inc. in McLean, Va., 
| predicted that the project’s to- 
| tal cost could reach $500 mil- 
| lion if administrative expenses 
and ongoing maintenance fees 
| on some of the DOD's legacy 
systems are included. Penta- 
gon officials declined to com- 
ment about his estimate. 
Work on the project will 
be centered at a DOD IT facil- 
ity in New Orleans. The Pen- 
| tagon plans to run the People- 
Soft applications on IBM Unix 
servers and link them to a sin- 
gle logical database that will 
be built on IBM’s DB2 soft- 
ware and contain consolidat- 
ed information about all mili- 
tary personnel. The DOD will 


disaster recovery purposes, 
Carpenter said. @ 41815 





| also install backup systems for | 


tool he used publicly available 
within a couple of months. 
The University of British 
Columbia in Vancouver runs a 
WLAN with about 1,200 Cisco 
access points. Jonn Martell, 
who manages the WLAN, said 
the school decided to use vir- 
tual private network technol- 
ogy instead of LEAP because 
of concerns about dictionary 
attacks. Password-based sys- 
tems are “fundamentally not 


| the answer,” he said. @ 41843 


impact of Oracle 
Bid Downplayed 


Defense officials involved in 
the DIMHRS project said they 
don't see Oracle Corp.'s hos- 
tile attempt to acquire People- 
Soft as a big obstacie to the 
Pentagon's rollout of its new 
human resources system. 

U.S. Navy Capt. Valerie Car- 
penter, the joint program man- 
ager responsible for develop- 
ment of the HR system, said 
the takeover bid that Oracle 
announced in June hasn't 
been a cause of worry for her. 
“The DOD has a valid contract 
with PeopleSoft, and if they 
were bought out by Oracle, we 
would expect Oracle to honor 
that contract,” she said. 

“At this point, it's not con- 
sidered a viable threat,” said 
Jon Jensen, who led Northrop 
Grumman's successful effort 
to be named the prime con- 
tractor for the project. 

Jensen noted that the buy- 
out offer initially caused wor- 
ries throughout the IT industry 
because of concerns that Ora- 
cle would stop actively selling 
PeopleSoft’s applications. The 
takeover attempt is currently 
on hold while federal officials 
examine its possible antitrust 
implications. 

Jensen speculated that if 
Oracle succeeds in its quest 
to buy PeopleSoft, the Penta- 
gon’s project could be delayed 
or even reconsidered. But, he 
added, “unless something dra- 
matic happens, we're on sta- 
ble ground.” 

- Marc L. Songini 
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DHS Initiates Real-Time 
‘Cybersituation Project 


| _ . . 
Feds look for immediate 


security incident data 





| BY DAN VERTON 


The U.S. Department of Homeland 


| Security’s cybersecurity division is 


spearheading an aggressive new proj- 
ect to create a real-time cybersitua- 
tion-awareness system, a senior DHS 
official said last week. 

The aim of the system is to provide a 
nationwide capability to conduct in- 
stant analysis of security incident data 
for signs of coordinated attacks or ma- 
jor virus and worm outbreaks. 

Sallie McDonald, the senior execu- 
tive responsible for outreach and 
awareness efforts at the agency, said 
the National Cyber Security Division 
(NCSD) of the DHS is working with 
SRI International, Symantec Corp. and 
Computer Associates International Inc. 
to develop a nonproprietary data col- 
lection system that will run on an auto- 
mated security extranet and feed inci- 
dent reports to the various Information 
Sharing and Analysis Centers (ISAC) 
operating in the private sector. The 
ISACs would then feed the data to the 
national situation-awareness system. 

“We will be deploying this in the fed- 
eral sector, starting at the U.S. CERT 
first so we can see in real time what is 
happening across the nation,” said Mc- 
Donald. The DHS announced on Sept. 
15 the formation of a computer emer- 
gency response team, U.S.-CERT, which 
is the result of a combined effort of the 
Federal Computer Incident Response 
Center and the CERT Coordination 
Center at Carnegie Mellon University. 

The new incident reporting and 
analysis system will be launched in De- 
cember at the first DHS-sponsored Cy- 
ber Security Summit to be held in Sili- 
con Valley at an undetermined loca- 
tion, said McDonald. 

In addition to the reporting system, 
the DHS plans to announce a security 
awareness effort targeted at 50 million 
home users and small businesses, and 
will draft a national cybersecurity road 
map that includes specific milestones 
and metrics for measuring progress in 
bolstering security. 

According to testimony provided to 
Congress last month by Robert Lis- 
couski, assistant secretary of homeland 
security for infrastructure protection 


| at the DHS, the new situation-aware- 
ness capability will leverage the data 
that’s now collected by more than 200 
private, public and university 
CERTs within the U.S. and 

feed that data to the newly 
created U.S.-CERT. The goal 
within the next year is to re- 
duce response times to any 
attack to an average of 30 
minutes, according to 
Liscouski. 

All of these efforts will be 
launched as Amit Yoran, for- 
mer vice president for man- 
| aged security services at Cu- 
pertino, Calif.-based Syman- 
tec, joins the DHS as head of the 
NCSD [QuickLink 41394]. McDonald 
and others praised the appointment of 
Yoran, who also served as the former 
director of vulnerability assessment 
for the Pentagon’s CERT. 

However, some prominent experts 
said quietly that, despite Yoran’s expe- 
rience, he faces an uphill battle when it 


Despite the government's recent efforts 
to integrate dozens of watch list databas- 
es, terrorists may still be slipping through 
numerous cracks in the nation’s home- 
land defenses by stealing identities and 
using computers to create fraudulent trav- 
el documents, officials told Congress. 

Testifying before the House Select 
Committee on Homeland Security last 
week, Ronald D. Malfi, director of the 
General Accounting Office’s Office of 
Special Investigations, said that over the 
past three years, investigators have suc- 
ceeded in using fraudulent identities and 
documents created on home computers 
to do things like enter the U.S., buy 
firearms and gain unfettered access to 
government buildings. 

“We created fictitious identities and 
counterfeit identification documents, 
such as driver's licenses, birth certificates 
and Social Security cards . . . using inex- 
pensive computer software and hardware 
that are readily available to any purchas- 
er,” said Malfi. 

“It's relatively easy for a terrorist to 
pose as someone else,” said Rep. Robert 
Andrews (D-N.J.). “And the impact is that 





ye ce 1 | 


is the new head 
of the NCSD. 


| comes to reinvigorating the public/ 

| private partnership, which they added 
has lost much of its momentum as a re- 
sult of organizational and staff changes. 

According to one DHS official, who 

requested anonymity, Yoran will prob- 
ably have access to top department 
leaders, but he may not easily adapt to 
the government’s rigidity and slow 
pace. Yoran couldn’t be reached for 

comment. 

Scott Blake, vice president 
of information security at 
BindView Corp. in Houston, 
said the questions about 
leadership and reporting 
structure have overshadowed 
the real issue of the failure of 
the government’s policy to- 
ward the private sector. 

“T’m increasingly con- 
vinced that the carrot 
method of encouraging the 
private sector to practice 
good security isn’t working and isn’t 
going to work,” said Blake. “While 
putting a face to the effort [behind the 
national strategy] may help a little, I 
don’t see the IT world adopting better 
security without a stick being applied. 
Many companies are waiting for case 
law to demonstrate what they really 
have to do.” @ 41837 


ID Theft Undermines Integrated Terror Watch Lists 


the integrated terrorist watch list and oth- 
er databases that the [DHS] is sharing 
with other agencies is ineffective if we're 
not identifying [people].” 

Delegate Eleanor Holmes Norton (D- 
D.C.), a self-proclaimed “card-carrying 
civil libertarian,” said the nature of the vul- 
nerabilities has led her and others to re- 
think the issue of a national ID card. 

However, Keith Kiser, chairman of the 
American Association of Motor Vehicle 
Administrators, said a national ID card is 
unnecessary and would probably require 
IT systems that are currently not in place. 
Instead, Kiser argued that the existing IT 
infrastructure serving state motor vehicle 
departments, which is used to verify iden- 
tities and issue valid driver's licenses, 
should be enhanced and standardized. 

Kiser urged Congress to support a 
massive IT upgrade for motor vehicle de- 
partments that would include providing a 
uniform system to verify in real time an 
applicant’s driving history and the authen- 
ticity of documents used to establish his 
identity, such as Social Security cards 
and taxpayer ID numbers. 

- Dan Verton 
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Fired @stake CTO Says Microsoft 
Critique Was “Business as Usual’ 


Geer defends decision 
to involve CCIA in 
security report’s release 





BY DAN VERTON 

Dan Geer was fired from his job as chief 
technology officer at @stake Inc. on 
Sept. 25, one day after he and six other 
security researchers released a report 
that criticized Microsoft Corp.’s domi- 
nance of the software industry as a fun- 
damental cause of IT security problems 
[QuickLink 41691]. 


The report was published by the Com- | 


puter & Communications Industry 
Association (CCIA), a Washington- 
based trade group that includes some of 
Microsoft’s top rivals. @stake, a Cam- 
bridge, Mass.-vendor of security soft- 
ware and consulting services, gets a 
significant portion of its revenue from 


Microsoft. Geer last week spoke to Com- | 


puterworld about his firing and the con- 
troversy surrounding the report. 


What happened on Sept. 25? I’m still 
cautioned by my attorney not to be 
too precise about anything. But I 
learned I was fired from a press re- 
lease. When I did eventually speak to 





the CEO [James Mobley of @stake], it 


was cold and short, and he had nothing 
to say but, “Your services are no longer 


required.” And there was and has been 


nothing else beyond that. 


| @stake has said that you should have 


known Microsoft was a client and that, 
although other @stake officials didn’t nec- 
essarily disagree with everything 

in the report, your participation 

showed lack of respect for a major 


| customer. Is that unreasonable? 


If you knew my history, you 
would know that I’m a com- 
mentator on lots of things a 


| lot of the time. It’s not as if 
| there’s a procedure to check 


everything with marketing. 

The reason I was recruited into 
[@stake] in the first place was precise- 
ly for my ability to look over the hori- 
zon, to see the big picture and to um- 
pire the game, if you will. 

I once had someone explain to me 
that the way you could tell the differ- 
ence between a young umpire, an ex- 
perienced umpire and an old umpire 
was that the young umpire would say, 


| “I call them as I see them.” And the 
| middle-aged umpire would say, “It’s 





Middleware. 
It’s on the trading floor. 








not a ball or a strike until I say it’s a 
ball or a strike.” And the old hand 
would say, “I make it a ball, or I make it 
a strike.” 

If you don’t mind me being a little 


| immodest, I like to think that I’m ap- 


proaching the latter. I comment on 
everything that I’m capable of com- 
menting on as frankly as I am able to 


| do so. It’s what I am. So from my point 


of view, this report was business as 
usual and unremarkable. The only 
thing that made it remarkable was the 
reaction of the CEO. 


Why did you choose to align the 
study with a clearly partisan group 
like the CCIA when you could have 
approached any number of organi- 
zations that have a reputation for 
being evenhanded? I had a satel- 
lite to put into orbit, and they 
had a launch vehicle. I went to 
an organization that I was rela- 
tively certain would ensure 
that the report couldn’t be ignored. I 
think that was an unqualified success, 
and [it] was made more of an unquali- 


| fied success by adding the publicity 


engine of dissing me in the process. It 
was almost a gift. 


A lot of people say they agree with the 
report’s main premise that monolithic IT 
infrastructures inherently are less secure 
than multivendor ones. But some also say 
that multivendor environments may pose 
just as many security problems because of 


www.computerworld.com 


CEO Responds on Firing 


In response to Geer’s comments about 
his firing, James Mobley, @stake’s 
president and CEO, said in a statement 
that he placed “a number of unreturned 
phone calls” to Geer before the compa- 
ny announced his dismissal. 

“He finally returned my call after the 
release of the report [on Microsoft], at 
which time | informed him that his ser- 
vices were no longer required,” Mobley 
said. “This conversation occurred prior 
to my authorization of the release of 
@stake’s public statement.” 

Mobley added that he has “the great- 
est respect for Dr. Geer as a research 
scientist and security expert.” 

~- Dan Verton 


poor system configurations. There is that 
point, frankly. But if I had to choose 
between which [approach] we could 
have in the future, there is no question 
in my mind. As far as configuration 
difficulty, the reason one has [that] is 
because most large systems have too 
many knobs to adjust. When you have 
too many knobs to adjust, you don’t 
adjust them. 


What are your plans now? I’m being inun- 
dated by people who want to do my 
planning for me. But there seems to be 
no shortage of things one can do with 


the rest of one’s life. @ 41790 





Hyperion Sets 
Plan to Meld Its 


Software With 
Brio’s Data Tools 


BY MARC L. SONGINI 
Hyperion Solutions Corp., which ex- 
pects to complete a buyout of strug- 
gling Brio Software Inc. on Oct. 16, last 
week said it plans to begin delivering 


| integration hooks between its line of 


data analysis products and Brio’s query 
and reporting tools by year’s end. 

John Kopcke, Hyperion’s chief tech- 
nology officer, said the Sunnyvale, 
Calif.-based company will release a 
complete integration road map later 
this year. But he noted that Hyperion’s 
plans include a common services ar- 
chitecture that will give users a single 
sign-on feature and other shared capa- 
bilities for the two product lines. 

And by next spring, Hyperion ex- 





pects to be ready to demonstrate tech- 
nology that will support all querying, 
reporting and analysis functions from 
a single user interface, Kopcke said. 

Hyperion is also working to tie to- 
gether specific products. For example, 
links between its budgeting and busi- 
ness performance management appli- 
cations and Brio’s tools are due this 
quarter, Kopcke said. That will let 
users craft reports that combine opera- 
tional data from ERP and other trans- 
action systems with finance informa- 
tion from Hyperion’s software. 

Hyperion in July agreed to buy Santa 
Clara, Calif.-based Brio in a cash and 
stock deal that was valued at $142 mil- 
lion [QuickLink 40138]. 

For Brio, the deal has “brought a 
zombie back from the near-dead,” said 
Mike Schiff, an analyst at Current 
Analysis Inc. in Sterling, Va. “Brio is 
being taken seriously again.” For exam- 
ple, Brio and IBM last week announced 
two product bundles that will include 
Brio’s tools and IBM’s DB2 Data Ware- 
house software, Schiff said. @ 41795 
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Cisco, Huawei Look to Settle | 
Software- -Copying Lawsuit 


Cisco's claims put on 
hold pending review 
of product changes 





BY MATT HAMBLEN 

Cisco Systems Inc. and Huawei Tech- 
nologies Co. last week announced an 
agreement that moves them toward a 
settlement of a lawsuit Cisco filed in 
January charging Huawei with pirating 
its internetworking software and in- 
fringing on at least five patents. 

The two companies said in a brief 
statement that they had agreed to stay, 
or put on hold, Cisco’s suit, which was 
filed in U.S. District Court in Marshall, 
Texas. The stay will remain in effect 
pending an outside expert’s review of 
changes that Shenzhen, China-based 


Huawei has made to its Quidway 
router and switch products in response 
to Cisco’s claims, according to officials 
from the networking rivals. 

Cisco and Huawei added in their 
joint statement that they expect the 
deal “will lead to the end of the law- 
suit.” However, it could take up to six 
months to complete the independent 
review process, said Ron Friedman, as- 
sociate general counsel at 3Com Corp., 
which intervened in the suit on behalf 
of Huawei in June. 

Settling the lawsuit would eliminate 
a potential cloud hanging over the net- 
working equipment joint venture that 
3Com and Huawei are setting up in 
Hong Kong. Friedman said Marlboro, 
Mass.-based 3Com welcomes the 





agreement between Cisco and Huawei, 


Palm’s Tungsten Device Adds 


Bluetooth, Widescreen Support 


BY BOB BREWIN 
Palm Inc. last week introduced three 
handheld devices, including a high-end 
model with Bluetooth short-range 
wireless capabilities and a 320-by-480- 
dpi color screen that can be used in ei- 
ther vertical or horizontal 
mode. 

Milpitas, Calif.-based 
Palm said the Tungsten T3 
handheld is based on Intel 
Corp.’s 32-bit XScale proc- 
essor and includes im- 
proved personal informa- 
tion manager tools and IBM’s Java- 
based WebSphere Micro Environment 
software. The 5.5-o0z. device costs $399 
and is designed for corporate users, 
said Anthony Armenta, a senior prod- 
uct manager at Palm’s hardware unit. 

Jeff White, a longtime Palm user 


Palm Tungsten T3 Handheld 


A horizontal screen is designed to 
make it easier to read documents. 


iat 


ON THE MOVE 


For more stories about 
mobile computing 
go to our Web site 


© QuickLink k1000 
www.computerworld.com — said. “ 
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| who is a biomedical engineer at Miami 
| Children’s Hospital in Coral Gables, 
Fla., said the T3 packs a lot of function- 
ality into a small, lightweight computer 
| that can be carried in the scrubs worn 
| by doctors and nurses. 
| The T3’s ability to switch 
from the standard portrait- 
shaped screen used by most 
handheld devices to a land- 
scape mode makes it easier 
to read documents, White 
People naturally want 
| to scroll up and down, and 
| they hate to scroll sideways,” he said. 
White also praised the battery life of 
the T3, saying that the battery-level in- 
dicator on a device he received via an 
early shipment still read 100% after be- 
ing used for four days. Previous Palm 


| 
| 
] 
| 
| 


ter of hours, according to White. 

The T3 has better screen resolution 
| than any rival devices based on Micro- 
| soft Corp.'s Pocket PC operating sys- 
tem, said Sam Bhavnani, an analyst at 
ARS Inc. in La Jolla, Calif. He noted 
that the horizontal landscape viewing 
mode will make it easier to read not 
only text documents but also Excel 
spreadsheets, because end users will 
be able to see a larger number of 
spreadsheet cells than they can in por- 


trait mode. @ 41800 





| joint venture, 3Com has 


| two Huawei products 
| packaged with its own 
| user interfaces and 


and he predicted that the deal won't 
have any negative affect on the forma- 
| tion of the joint venture. 

The joint venture is due to begin op- 


erations next month provided the Chi 


nese government signs off on the plan. 
It will develop enterprise networking 


| products and sell them in China and 


Japan, with 3Com han- 


| dling sales in the U.S. 
| and elsewhere. 


Separate from the 


already begun shipping 


technical support ser- 
vices. 3Com last week 


Cisco’s < 
Huawei: 


COPIED PORTIONS of 
Cisco's IOS software, includ- 
ing source code and its 


y 
‘ 
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The suit alleges that Huawei copied 
portions of Cisco’s IOS source code for 
use in the Quidway product line, which 
isn’t being sold by 3Com, said Zeus 
Kerravala, an analyst at The Yankee 
Group in Boston. Kerravala added that 
Bruce Claflin, 3Com’s president and 
CEO, toid analysts earlier this year that 
the company would 
avoid reselling any of 
Huawei’s products if 
they possibly infringed 
on Cisco’s patents. 

In filing the lawsuit 
against Huawei, Cisco 
officials “were rightly 
concerned about their 
intellectual property 
and patents,” said Nick 


| the Chinese c 


| announced a Huawei- 
| built WAN router line 


(QuickLink 41657], and 
in July it released a core 
LAN switch made by 
ompany. 
Ted Malos, director 


ILLEGALLY USED technical 
documentation that was 
copyrighted by Cisco in its 
own product manuals. 
INFRINGED ON at least five 


Cisco patents related to pre- 
prietary routing protocols. 


Lippis, an analyst at 
Lippis Consulting in 
Hingham, Mass. But, 
Lippis noted, Cisco also 
was worried that 
Huawei'’s alleged copy- 
ing of its software code 


| of odd” 


models have run out of power in a mat- | 





| of technology at the 
| Ventura Unified School 


District in Ventura, Calif., uses both 
Cisco and 3Com products and plans to 
evaluate the new WAN routers that 
3Com is selling. Malos said Cisco’s 
lawsuit against Huawei “seemed kind 
and added that it had not af- 
fected his technology purchasing 


| plans. 


and technical documen- 

tation could result in a 
“flooding of the market with very 
cheap products.” 

Cisco sought monetary damages as 
part of its January complaint, but all 
the parties to the case last week de- 
clined to comment on whether Huawei 
would have to make any payments if 


the suit is settled. @ 41799 


Middleware. 
It’s in the end zone. 
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OPINION 


MARYFRAN JOHNSON 


Credibility at Stake 


NOTHER REPORT on Microsoft made 
front-page news last week, once again 
raising credibility questions and contro- 
versy. This time, the story [“Anti-Micro- 
soft Security Report Mired in Politics,” QuickLink 


41727] started out being 
about one thing — a re- 
search report claiming 
that there are global se- 
curity threats inherent in 
Microsoft’s monopoly 
position in IT infrastruc- 
tures — but ended up be- 
ing about quite another. 

One of the report’s 
seven authors (all of 
them respected security 
experts) was fired for 
taking part in this very 
public criticism of Microsoft. Dan 
Geer, now the former CTO of secu- 
rity consultancy @stake, became the 
focus of this suddenly more inter- 
esting and politicized story. Micro- 
soft is one of @stake’s major clients, 
you see, and Geer is way too smart 
not to have known what was, ahem, 
at stake when he signed his name to 
“CyberInsecurity: The Cost of Mo- 
nopoly.” 

Publicly ticking off a major client 
while embarrassing your CEO is no- 
body’s recipe for job longevity. 

Yet in an interview with our re- 
porter (see page 18), Geer seemed to 
revel in the outcome. When asked 
why the group had chosen to launch 
the report from the anti-Microsoft 
Computer & Communications In- 
dustry Association, Geer called the 
move “an unqualified success.” He 
said it became even more of a suc- 
cess “by adding the publicity engine 
of dissing me in the process. It was 
almost a gift.” A gift for whom? I 
wonder. Not for the credibility of 
that report, which is a shame, be- 
cause it makes many valid points 
about the security costs of Mi- 
crosoft’s dominance. But many of 
our readers told us that industry 
politics and the CCIA’s bias under- 
mined the impact of the 24-page re- 


port. Geer’s firing played 
out more like a publicity 
stunt than a punishment 
for engaging in free 
speech — although it 
clearly had some ele- 
ments of that. 

The bigger disap- 
pointment here was how 
little this expert treatise 
had to offer by way of 
recommendations for IT 
managers struggling to 
secure their enterprises. 

It laid a lump of blame on the feder- 
al government’s doorstep (as if Un- 
| cle Sam will even blink), and anoth- 
er with the user companies that buy 
Microsoft’s security-challenged 
| products because they have little or 
no choice. But the only solutions 
were directed at the government, 
which has a lamentable record of 
getting Microsoft to do anything. 
For example, the feds were urged to 
“vigorously” force Microsoft to pub- 
lish interface specifications for Win- 
| dows and Office and to make nice 


rR 
NELUENCE! 








with vendor consortia on develop- 


| ment. Pretty tepid advice over 


which to risk your credibility. 
a 

On another credibility issue, I 
wrote about Forrester Research’s 
tainted Microsoft vs. Linux report in 
this space two weeks ago [Quick- 
Link 41489]. A number of you ap- 
plauded our new policy of requiring 
disclosure on the funding behind IT 
research reports. A few wondered 
why we weren’t doing so all along. 

I also heard from Forrester CEO 
George Colony, who agreed that the 
Microsoft sponsorship of the Linux 
report had compromised his firm’s 
credibility. He responded by posting 
a new “integrity and objectivity” 
policy on www.forrester.com, in 
which he vows to no longer “accept 
projects that involve paid-for, publi- 
cized product comparisons.” 

Forrester will still conduct spon- 
sored vendor research, Colony ex- 
plained, but no one will have brag- 
ging rights about the results. “Every 
company has conflicts of interest 
that have to be managed,” he said of 
the potential for vendor clients to 
influence the analysts advising user 
clients. “It’s how you manage the 
conflict that matters.” 

Indeed. Your credibility can be, 
um, at stake. @ 41805 
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PIMM FOX 


Cleaning Up 
The Kingdom 
Of Content 


ONTENT may be king, 

but if so, the kingdom 

is a royal mess. Compa- 
nies are bogged down trying 
to meld information from dis- 


parate departments, then 
pushing it through a cumbersome ap- 
proval process only to be stymied by a 
publishing routine that’s time-consum- 
ing and error-prone. And with greater 
emphasis being placed on the integra- 
tion of business units and collabora- 
tion with internal and external part- 
ners, the demand for simple, straight- 
forward content management systems 
(CMS) is acute. 

Luckily, there are ways to clean up 
the mess. By offload- 
ing the software com- 
ponents to applica- 
tion service provid- 
ers, content manage- 
ment can be done via 
a Web-based service 
with common tem- 
plates, step-by-step 
formats, access con- 
trols and shared de- 
sign elements. 

It’s important to 
note that a CMS isn’t 
the same as a document or file man- 
agement system, nor is the ASP model 
appropriate when you're looking for 
enterprise portals connected to robust 
back-end applications. 

But there are distinct advantages. 
Consider the experience of Josh Hoo- 
ver, marketing systems manager at Wa- 
terloo, Wis.-based Trek Bicycle Corp. 
He has developed Web sites for several 
Trek brands, working with numerous 
advertising agencies in the process. 
But there wasn’t a unified approach to 
content, nor was there a coherent 
schedule controlled by Trek’s market- 
ing team. Worse, it was expensive to 
make changes to all of those Web sites. 

“No one knew where anything was in 
the process,” says Hoover, who also had 
to work out how to handle the transla- 
tion services needed in Trek’s growing 
European business. “We would give the 
content to the agency, who would pass 
it to translators, who would pass it back 
to the agency, who would then pass it 
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back to us in this long, burdensome 
process,” he recounts. 

Hoover checked out CMS products 
from Microsoft Corp., RedDot Solu- 
tions Corp. in New York and Crown- 
Peak Technology in Los Angeles, with 


an eye toward a hosted system because | 


of a previous good experience with 
ASP versions of sales force automation 
technology. After the review, Trek se- 
lected CrownPeak because of its fea- 
ture set, the ability to incorporate sev- 
en languages into the workflow (in- 
cluding support for double-bit charac- 
ters for Japanese, which is important, 
since Japan is a growing market for 
Trek) and its forms-based construc- 
tions. Cost was also a big factor, since 
the ASP model is substantially less ex- 
pensive than a prepackaged suite. 

Now Trek controls its main site, cut- 
ting out the ad agencies. It has a new 
Web interface and, with new user per- 
missions, authoring and editing tools, 
it’s off and pedaling. The new site also 
deftly handles outside links to Trek’s 
dealer network. 

When you're finally ready to take re- 
sponsibility for content and don’t need 
massive archiving and back-end con- 
nections, ASP content management is 


the right path. @ 41732 


THORNTON MAY 


A New Era of | 
Living Data | 
Is Coming 
ESEARCH being con- 
ducted in conjunction 
with the Managing the 
Information Resource Pro- 


gram at UCLA indicates that 


we are a mere 10 years away 
from the day when every molecule on 
this planet could be assigned an IP ad- 
dress. Such a possibility underscores 
our need to intellectually grasp the 
massive changes afoot in the evolution 
of information and its management. 

I wonder if we’re prepared for the 
upheaval ahead. In his 1934 seminal 
work, Technics and Civilization, Lewis 
Mumford, the premier technology his- 
torian of the early 20th century, de- 
scribed the first three eras of modern 
technology as follows: 

® The Eotechnic Epoch: Machines are 
made of wood and are driven by water 
or wind. 


OPINION 


made of iron and are driven 


| by steam. 


= The Neotechnic Epoch: 
Machines are made of engi- 
neered materials and are dri- 
ven by electricity. 
The early days of technol- 
ogy were primarily focused 
on the physical movement of 
things. And we haven't al- 
tered our views much since 
then. That’s about to change. 
In the not-so-distant fu- 
ture, in the everything-is-a- 
sensor world of ubiquitous 
IP addresses, the most suc- 
cessful companies will be those that 
are adept at a new kind of alchemy — 
smoothly and efficiently managing the 
following triple transformation: 
1. Data to information. 
2. Information to knowledge. 
3. Knowledge to dollars or action- 
able executive behavior. 
Contemporary futurists and trend 


| watchers concur that the technology 


era we’re about to enter will feature in- 
telligent, semiaware, always-on devices 


The next economy will 
be all about giving meaning 
to the reams of data being 
collected by the infinite ar- 
ray of sensors. 

The winners will see 
first, understand first and 
act first. These happen to 
be central tenets of the U.S. 
military’s transformed war- 
fighting concepts, which in 
turn are extrapolations of 
aerial combat tactics 
stressing the importance of 
having a more accelerated 
OODA loop (the ability to 


| observe, orient, decide and act) than 


an enemy pilot. 

The radio frequency identification 
technologies currently transforming 
retailing and payment systems are just 
the tip of this iceberg. The previewed 
but as yet unreleased “Nixon-in-a- 


| Tablet-PC” feature (i.e., the ability to 
| unobtrusively record the audio and 
| then machine-transcribe all face-to- 


face interactions) of Microsoft’s new 
product line is a taste of the panoptic 
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truly “infomated” economy. For the 
longest time, IT management has 
treated the following not as a phrase 
but as a single word, with emphasis on 
the last four syllables: information- 
technology. 

Historically significant practitioners 
of the information arts (librarians, 
archivists, content managers, content 
creators, intellectual property advo- 
cates and taxonomy creators) have 
been nudged further aside in the Nap- 
ster-swapped/Google-searched early 
stages of the Information Age. The 
skills associated with managing knowl- 
edge (what we know and being able to 
discern what is worth knowing) still 
aren’t given their due. 

But they will have to be elevated in 
the corporate hierarchy as the infomat- 
ed economy accelerates. The situation 
brings to mind Star Trek: The Next 
Generation’s most memorable charac- 
ter, the sentient android, Data. The 
Trekkies succeeded in making data 
come alive. Now it’s our turn. @ 41734 








= The Paleotechnic Epoch: Machines are 


made by other intelligent, semiaware 
devices driven by ubiquitous, nano- 
| scale, data-collecting sensors. 


infolandscape we're heading for. 
Unfortunately, most organizations 
aren't currently set up to prosper in a 
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Readers Reject, Defend Rogue IT Projects 


OGUE PROJECTS [“Dealing 

With Rogue IT,” QuickLink 
40666] are necessary. I've been 
part of a few, and a small number 
that | worked on are still in use after 
many years. IT managers tend to 
plan projects to death, sometimes 
planning until the technologies are 
obsolete. I've watched them spend 
nine months planning to deploy 
backbone switches and then put 
them on the network using the de- 
fault configuration. Most rogue ap- 
plications are up and running for 
months before people find out 
about them, and they've been test- 
ed better than those from IT staff 


velopers’ best interest to ensure 
that everything works, since that al- 
lows them to continue to field what 
is needed for their users. 

Tom Philo 

IT specialist, Portland, Ore. 


HE IT DEPARTMENT needs 

some respect. It’s bad enough 
to take the blame for projects that 
failed due to lack of insight, funding 
or understanding. It's even worse to 


i be blamed for failed projects that 


the department had no handle on. If 


| IT departments tolerate rogue !T, 
| the result will be squandered re- 


sources as departments re-create 
unneeded processes. Would your 
sales unit tolerate IT making sales 


| calls to your best customers? 


Benjamin M. Vogel 
IT director, Protect-all Inc., 


| Darien, Wis. 


HY DO YOU THINK business 


people go around IT? A better 
| question is, Why should we go 


through an outfit that is dedicated 


| to destroying us? Rogue IT is unfor- 
people. After all, it's in the rogue de- | 
| why there is a need for it? Why not 


tunate, but why aren't you asking 


ask why IT doesn’t help us fools 


| down in the trenches? 
Vic Watkins 
| Ogden, Utah 


HETHER OR NOT rogue IT 
projects make sense probably 


depends on whether the IT group or 


the business units are more capa- 
ble of determining ROI. ROI is best 
determined as a joint effort, but 





many centralized IT groups seem to | 
| rules. The rule “You may not have 

| wireless” is far less productive than 
| the guideline “Any net devices must 


be determined to run without ac- 
countability, and many companies 
haven't put in place the appropriate 


| processes to allow for effective 

| communication. Funnily enough, 

| when | saw the title of the article 
“Dealing with Rogue IT,” | initially 

| thought it was going to be about IT 


departments that have stopped 


| looking at the impact of their ac- 


tions on the rest of the business 


| Scott Albrecht 


Chicago 


T DEPARTMENTS generally want 
to maintain what they know, but 


new technology. “Rogue” efforts 


| result when centralized IT becomes | 


so ossified or out of touch with user 
needs that IT policies prevent rea- 


| sonable business workflow sup- 


port. Some technologies that were 
disparaged by backwards-looking 
IT departments include PCs, PC 
LANs, e-mail, Internet access, de- 
partmental Web sites, instant mes- 
saging and Web apps. When there 
are many rogue efforts, it means !T 
is failing to keep up with available 
technology and to communicate. 


WANT OUR OPINION? 


More columnists and links to archives of previous 
columns are on our Web site 
www.computerworld.com/columns 


It's better to issue standards than 


allow verification of every user.” 
James Nickson 


| Ronin Software Group, 
New York, 
| j@roninsoftwaregroup.com 


ENJOYED Gary Anthes’ article on 
dealing with rogue IT activity, but | 


| wish he had addressed how to cope 


when the CIO is the one who is driv- 


| ing these projects behind IT's back. 


Don Yevin 


| Systems programmer, Phoenix 
what they know isn’t up to date with | 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 
PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701. 

Fax: (508) 879-4843. 

E-mail: letters@computerworld.com. 
Include an address and phone num- 


| ber for immediate verification. 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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The Unwired Office 
starts here. 





ROBUST OBJECTS 
AND ROBUST SQL 


A RARE SIG 
DBMS PRODUCTS 


For your next generation of applications, move 
to the next generation of database technology. 

Caché is the post-relational database that com- 
bines high-performance SQL for faster queries and 
an advanced object database for rapidly storing 
and accessing objects. With Caché, no mapping 
is required between object and relational views of 
data. That means huge savings in both development 
and processing time. 

Applications built on Caché are massively scala- 
ble and lightning-fast. Plus, they require minimal or 
no database administration. 

More than just a database system, Caché incor- 
porates a powerful Web application development 


environment that dramatically reduces the time to 
build and modify applications. 

The reliability of Caché is proven every day in 
“life-or-death” applications at thousands of the world’s 
largest hospitals. Caché is so reliable, it’s the leading 
database in healthcare — and it powers enterprise appli- 
cations in financial services, government and many 
other sectors. 

We are InterSystems, a specialist in data manage- 
ment technology for twenty-five years. We provide 
24x7 support to four million users in 88 countries. 
Caché is available for Windows, OpenVMS, Linux and 
major UNIX platforms — and it is deployed on systems 
ranging from two to over 10,000 simultaneous users. 


InterSystems & 


Ec CACHE 


Make Applications Faster 


Try a better database. For free. 


Download a free, fully-functional, non-expiring version of Caché or request it on CD at www.InterSystems.com/robust 
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CASE STUDY 
Cruise Line Changes BI Tack 


Holland America Line is replacing acumbersome, | 
big-iron-based business intelligence reporting sys- | 
tem with a Web-based one that end users can more 


easily and flexibly access. Page 32 


| 
| 
| QUICKSTUDY 

| Aspect-Oriented Programming 

AOP is a way of creating common or similar functionali- 
ty needed by different parts of a program. In this 
method, specialized mechanisms compose code mod- 
ules, called aspects, into a coherent program. Page 33 


SECURITY MANAGER'S JOURNAL 
Mop-up Continues in Worm Aftermath 


Without automated tools to manage patches 

and virus updates, Mathias Thurman’s effort to 
eradicate Blaster fails and the worm continues to 
creep in through unprotected machines. Page 34 





OHN SAWYER manages data cen- 
ters for corporate clients every 
day. His company, Johnson 
Controls Inc., has plenty of ex- 


perience in data center design 
and management. Nonetheless, 
the Milwaukee-based company’s care- 
fully designed and planned data center 
recently experienced overheating 
problems after installing blade servers. 
Many data center 
INSIDE managers are just be- 
Blade ofter ginning to contem- 
advantages plate large-scale de- 
coe een ployments with mul- 
theyrenotalways tiple racks of ultra- 
the better choice. compact blade 
Page 30 servers. These new 
systems take up far 
less space than traditional rack-mount- 
ed servers, but they dramatically in- 
crease heat density. Throwing multiple 
racks of them into a data center can re- 
sult in problems ranging from outright 
failures to unexplained slowdowns and 
shortened equipment life. 

“Today, because of the way the air 
handlers are configured, we can’t han- 
dle more than 2 kilowatts per rack,” 
says Sawyer, head of critical facility 
management services at Johnson Con- 
trols. Sawyer says new air-handling 
equipment can boost that figure into 
the 3-to-4-kw range. But new blade 
servers could consume 15 kw per hour 
or more when fully loaded. That 
equates to more British thermal units 
per square foot than a typical house- 
hold oven and requires a cooling ca- 
pacity sufficient to air-condition two 

gs, 
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Ultradense 1U and blade server racks are blazingly fast 
- and amazingly hot. Keeping them from burning up is more 
complicated than you might think. By Robert L. Mitchell 





homes, facilities engineers say. So 
Sawyer can spread out the racks or 
partially fill each one to reduce overall 
wattage per square foot, or he can add 
localized, spot-cooling systems. 
Although most data centers don’t 
have many high-density racks today, 
data center managers are beginning to 
replace server racks with more com- 
pact designs, some of which accommo- 
date more than 300 servers in a single 
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Moving Towar 


42U rack. (1U is 1.75 in.) “You can see a 
| train wreck coming,” says Kenneth 
Brill, executive director at The Uptime 
| Institute Inc. in Santa Fe, N.M. 

And while vendors say their systems 
are designed to run efficiently in fully 
loaded racks, they don’t necessarily 
take into account the broader impact 
that large numbers of such racks will 
have on the rest of the data center. 

“We can deal with one or two of 
| these things, but we don’t know how to 
| deal with lots of them,” says Brill. 

The problem is compounded by two 
| facts: Every data center is designed dif- 
| ferently, and the industry has yet to 
agree on a standard for designing data 
center cooling systems that can handle 
15 to 20 kw per rack. 

The current guidelines from the 
American Society of Heating, Refriger- 
| ating and Air-Conditioning Engineers 
| Inc. (ASHRAE) are outdated, says Ed- 
| ward Koplin, president of Jack Dale 

Associates PC, an engineering consult- 

ing firm in Baltimore. “Design engi- 

neers are using standards from the 
| days of punch cards and water-cooled 
Continued on page 26 
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mainframes,” he says. Atlanta-based 


ASHRAE is working hard on new ther- 


mal guidelines, says Don Beaty, chair 
of the group’s High-density Electronic 
Equipment Facility Cooling Commit 
tee. He expects a published standard 
by year’s end. 

But rack cooling is a | wcern 
right now for Ron Richardson, staff 
manager in the IT operations center at 
Qualcomm Inc. in San Diego. The 
company’s chip division wants to up- 
grade a large engineering compute 
farm to make the best use of its design 


software. “If our business unit had its 


Hot Tips 


For Keeping Racks Cool 


{ Consider spreading out hot 
racks to reduce average heat 
density per square foot. 


Map the vertical profile of in- 
take air temperatures in the 
computer room at least once a 
quarter. Keep temperatures at 
or below 75 degrees. 


Use a hot aisle/cold aisle con- 
figuration and follow best prac- 
tices. (See QuickLink a3650.) 


Install internal blanking panels 
to fill openings within the face 
of the rack or cabinet to prevent 
internal back-to-front hot-air 
recirculation. 


Keep bypass airflow under 
raised floors at 10% or below 
by sealing raised floor 
openings. 


Install the proper quantity of 
perforated tiles in the cold aisle. 
Use 40% or 60% open grates 
for densities above 3 kw per 
cabinet. 


Remove turning vanes on cool- 
ing-unit discharge air ducts. 
These increase vertical cold-air 
velocity and starve equipment 
closest to the cooling unit. 


Raise cooling unit return-air set 
points to 72 degrees to reduce 
dehumidification and increase 
available cooling capacity. (Do 
only after bypass airflow is at or 
below 20%). 


Consider relocating cooling 
units if hot spots persist. 


Keep that old mainframe water- 
cooling system. Chilled water 
will be coming back within 12 to 
24 months for high-end blade- 
server products. 
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way, they would want 100 racks full of 
[blade] servers, but I don’t think we’ll 
be able to do that. Fifteen kilowatts is 
incredible. You have to do extraordi- 
nary things to cool that unless you 
want to burn them up,” he says. And 
the idea of leaving racks partially filled 
is a nonstarter. “Who wants to put 
servers in [part of ] the rack and leave 
the rest empty?” he says. 

Some heat-related problems come 
from inadequately designed environ- 
ments, say engineers. “We find that 
people consistently have trouble cool- 
ing 2- or 3-kw racks. It’s common to 
find a 10-degree difference between 
the floor and the top,” says Pitt Turner, 
principal at ComputerSite Engineering 
Inc., also in Santa Fe, and a consultant 
at The Uptime Institute. The problem 
is usually airflow. “Normally, we find 
excess [cooling] capacity is installed in 


the floor, and it’s poorly used,” he says 


Avoiding a Blowout 

When rack-top temperatures exceed 

75 degrees Fahrenheit, heat-related 
problems, such as failures or shortened 
equipment life, may begin to crop up. 
In addition, many high-end blade proc- 
essors are designed to reduce clock 
speed as temperatures rise. This pro- 
tects components, but administrators 
who aren't monitoring air-intake tem- 
perature at the top of the racks might 
misinterpret the cause and add more 
blades to try to increase performance, 
adding fuel to the not-so-proverbial 
fire, Brill says. 

Richardson decided to design a new 
data center to accommodate blade 
servers. “We believe we can do 10 kw 
per rack,” he says. The plan uses a hot 
aisle/cold aisle design that involves 
placing rows of racks so that racks face 
one another. Chilled air from the cold- 
aisle floor passes into each rack and 
out the back into hot-air aisles, where 
it’s removed and cooled again. 

Going beyond that would require 
adding spot cooling devices to individ 
ual racks. Liebert Corp., a Columbus, 
Ohio-based division of Emerson Net- 
work Power Systems Inc., offers de- 
vices designed to pull hot air out of 
racks and cool it quickly, including ceil- 
ing-mounted air-conditioning units and 
bolt-on exhaust fans that suck hot air 
directly off the back of racks. The prob- 
lem with that approach is scalability, 
says Brian Benson, senior mechanical 
engineer at consulting firm Mazzetti & 
Associates Inc. in San Francisco. “If 
you put 500 of those racks in, your scal- 
ability and the maintenance [require- 
ment] become incredible,” he says. 

Consultants disagree on how many 


Maximum kilowatts 
consumed in a fully 
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IBM eServer Blade Center HS20 (84 blaces) (UgRIAIIAAIInsnnnnnmINI T,] 
Sun SunFire B series (224 blades) SaaS 7 | 
RLX ServerBlade 3000i (70 biades) AEE =) 
Dell PowerEdge 1655MC (84 blades) San |) 
HP ProLiant BL e-Class (280 blades) Sime) 
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These are the maximum power requirements for a sampling of server blades when operating in 
a fully loaded rack. Maximum blades per rack and wattage information is based on vendor- 
supplied data. The household oven wattage is included as a reference point for relative overall 
heat load but is not directly comparable since server racks are taller and have a larger volume. 


kilowatts can be cooled effectively 
with a traditional, raised-floor comput- 
er room air-conditioning system. Most 
say 4 to 5 kw is the upper limit, but the 
real-world answer depends on each 
data center’s design. 

Each kilowatt of load requires pass- 
ing 140 cubic feet per minute of air 
through the rack for proper cooling, 
says Fred Stack, a vice president at 
Liebert. “In tomorrow’s rack, you’re 
looking at [more than] 1,000 cubic feet 
of air per minute,” he says. 

That’s solvable, says Brill, but there’s 
no margin for error. “You absolutely 
have to do about a dozen things cor- 
rectly, and most sites aren't going to do 
that,” he says. That includes adequate 
under-floor space that’s sealed and 
clear of cabling, pipes and other ob- 
structions as well as racks that are 
meticulously sealed to control airflow. 

Buying extra cooling capacity can be 
just as disastrous as an undersized sys- 
tem if it pushes the air under the floors | 
too quickly, says Neil Rasmussen, chief 
technology officer at American Power 
Conversion Corp. in Kingston, R.I. 
‘The fact that it’s flowing quickly un- 
der the floor actually causes a Venturi 
effect that sucks air down into the 
floor instead of pushing it up into the 
cold aisle,” he says. Air from the hot 
aisle then flows over the top of the 
racks and recirculates through the 
equipment, overheating it. 

Bob Sullivan, a consultant at Com- 
puterSite Engineering, says he has 
cooled 7-kw racks. But, he says, “it re- 
quires so much air coming out from 
under the floor that you're limited to 
cooling about six racks with a large 
cooling unit.” Overall load across the 
data center still needs to stay at under 
100 watts per square foot, he says. “Be- 
yond that, you're losing more space to 
cooling than you're saving by com- 


| 
| 
| 
| 
| 


g : 
pressing the racks,” he says. | 


Meanwhile, blade vendors Hewlett- 
Packard Co., Sun Microsystems Inc. 
and IBM say that blades will get small- 
er and more powerful. IBM, which has 
been down this road before with main- 
frames, says cooling may be going back 
to the future. “We don’t want to move 
to water cooling, but it feels like it’s in- 
evitable. By the end of next year, we'll 
be on the brink of that,” says Jeff 
Benck, vice president of IBM’s eServer 
BladeCenter. And by 2005, Benck says, 
external water systems that cool at the 
individual blade or blade chassis level 
will be required equipment. 

HP’s current designs use blade- 
mounted fans, and the company says it 
should be able to cool individual racks 
at up to 18 kw. However, Sally Stevens, 
director of marketing for blades at HP, 
doesn’t recommend deploying blades 
in fully loaded racks. 

Sun owns the Spare CPU used in its 
blades and therefore has more control 
over the design, but Chief Technolo- 
gist Subodh Bapat says the company is 
also looking toward liquid cooling. 

As server density increases, Johnson 
Controls’ Sawyer worries that more 
complex cooling designs will increase 
costs and create ongoing maintenance 
headaches. “We need an alternative 
that’s going to be feasible and at the 
same time not elevate risk,” he says. 

Qualcomm’s Richardson says he has 
discussed the issue with several ven- 
dors. “Every one has some little tidbit 
that you can learn, but nobody seems 


to have every answer.” @ 41566 


CHILL OUT 


Collaboration between IT and facilities staffs 
will be critical as server densities increase 


QuickLink 41669 


ASHRAE is working on updated standards for 
data center cooling 
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mainframes,” he says. Atlanta-based 
ASHRAE is working hard on new ther- 
mal guidelines, says Don Beaty, chair 
of the group’s High-density Electronic 
Equipment Facility Cooling Commit- 
tee. He expects a published standard 
by year’s end. 

But rack cooling is a big concern 
right now for Ron Richardson, staff 
manager in the IT operations center at 
Qualcomm Inc. in San Diego. The 
company’s chip division wants to up- 
grade a large engineering compute 
farm to make the best use of its design 


software. “If our business unit had its 


Hot Tips 
For Keeping Racks Cool 


Consider spreading 
racks to reduce average heat 
density per square foot. 


Map the vertical profile of in- 
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way, they would want 100 racks full of 
[blade] servers, but I don’t think we'll 
be able to do that. Fifteen kilowatts is 
incredible. You have to do extraordi- 
nary things to cool that unless you 
want to burn them up,” he says. And 
the idea of leaving racks partially filled 
is a nonstarter. “Who wants to put 
servers in [part of ] the rack and leave 
the rest empty?” he says. 

Some heat-related problems come 
from inadequately designed environ- 
ments, say engineers. “We find that 
people consistently have trouble cool- 
ing 2- or 3-kw racks. It’s common to 
find a 10-degree difference between 
the floor and the top,” says Pitt Turner, 


principal at ComputerSite Engineering | 


Inc., also in Santa Fe, and a consultant 
at The Uptime Institute. The problem 
is usually airflow. “Normally, we find 
excess [cooling] capacity is installed in 
the floor, and it’s poorly used,” he says. 


Avoiding a Blowout 

When rack-top temperatures exceed 

75 degrees Fahrenheit, heat-related 
problems, such as failures or shortened 
equipment life, may begin to crop up. 


In addition, many high-end blade proc- | 


essors are designed to reduce clock 
speed as temperatures rise. This pro- 
tects components, but administrators 
who aren’t monitoring air-intake tem- 
perature at the top of the racks might 
misinterpret the cause and add more 
blades to try to increase performance, 
adding fuel to the not-so-proverbial 
fire, Brill says. 

Richardson decided to design a new 
data center to accommodate blade 
servers. “We believe we can do 10 kw 
per rack,” he says. The plan uses a hot 
aisle/cold aisle design that involves 
placing rows of racks so that racks face 
one another. Chilled air from the cold- 
aisle floor passes into each rack and 
out the back into hot-air aisles, where 
it’s removed and cooled again. 

Going beyond that would require 
adding spot cooling devices to individ- 
ual racks. Liebert Corp., a Columbus, 
Ohio-based division of Emerson Net- 
work Power Systems Inc., offers de- 
vices designed to pull hot air out of 
racks and cool it quickly, including ceil- 
ing-mounted air-conditioning units and 
bolt-on exhaust fans that suck hot air 
directly off the back of racks. The prob- 
lem with that approach is scalability, 
says Brian Benson, senior mechanical 
engineer at consulting firm Mazzetti & 
Associates Inc. in San Francisco. “If 
you put 500 of those racks in, your scal- 
ability and the maintenance [require- 
ment] become incredible,” he says. 

Consultants disagree on how many 
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of server blades when operating in 


a fully loaded rack. Maximum blades per rack and wattage information is based on vendor- 


ied data. The household oven wattage is included as a reference point 


for relative overall 
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heat load but is not directly comparable since server racks are taller and have a larger volume. 


kilowatts can be cooled effectively 
with a traditional, raised-floor comput- 
er room air-conditioning system. Most 
say 4 to 5 kw is the upper limit, but the 
real-world answer depends on each 
data center’s design. 

Each kilowatt of load requires pass- 
ing 140 cubic feet per minute of air 
through the rack for proper cooling, 
says Fred Stack, a vice president at 
Liebert. “In tomorrow’s rack, you’re 
looking at [more than] 1,000 cubic feet 
of air per minute,” he says. 

That’s solvable, says Brill, but there’s 
no margin for error. “You absolutely 
have to do about a dozen things cor- 
rectly, and most sites aren’t going to do 
that,” he says. That includes adequate 
under-floor space that’s sealed and 
clear of cabling, pipes and other ob- 
structions as well as racks that are 
meticulously sealed to control airflow. 

Buying extra cooling capacity can be 
just as disastrous as an undersized sys- 
tem if it pushes the air under the floors 
too quickly, says Neil Rasmussen, chief 
technology officer at American Power 
Conversion Corp. in Kingston, R.I. 
“The fact that it’s flowing quickly un- 
der the floor actually causes a Venturi 
effect that sucks air down into the 
floor instead of pushing it up into the 
cold aisle,” he says. Air from the hot 
aisle then flows over the top of the 
racks and recirculates through the 
equipment, overheating it. 

Bob Sullivan, a consultant at Com- 
puterSite Engineering, says he has 
cooled 7-kw racks. But, he says, “it re- 
quires so much air coming out from 
under the floor that you’re limited to 
cooling about six racks with a large 
cooling unit.” Overall load across the 
data center still needs to stay at under 
100 watts per square foot, he says. “Be- 
yond that, you’re losing more space to 
cooling than you’re saving by com- 
pressing the racks,” he says. 





Meanwhile, blade vendors Hewlett- 
Packard Co., Sun Microsystems Inc. 
and IBM say that blades will get small- 
er and more powerful. IBM, which has 
been down this road before with main- 
frames, says cooling may be going back 
to the future. “We don’t want to move 
to water cooling, but it feels like it’s in- 
evitable. By the end of next year, we'll 
be on the brink of that,” says Jeff 
Benck, vice president of IBM’s eServer 
BladeCenter. And by 2005, Benck says, 
external water systems that cool at the 
individual blade or blade chassis level 
will be required equipment. 

HP’s current designs use blade- 
mounted fans, and the company says it 
should be able to cool individual racks 
at up to 18 kw. However, Sally Stevens, 
director of marketing for blades at HP, 
doesn’t recommend deploying blades 
in fully loaded racks. 

Sun owns the Sparc CPU used in its 
blades and therefore has more control 
over the design, but Chief Technolo- 
gist Subodh Bapat says the company is 
also looking toward liquid cooling. 

As server density increases, Johnson 
Controls’ Sawyer worries that more 
complex cooling designs will increase 
costs and create ongoing maintenance 
headaches. “We need an alternative 
that’s going to be feasible and at the 
same time not elevate risk,” he says. 

Qualcomm’s Richardson says he has 
discussed the issue with several ven- 
dors. “Every one has some little tidbit 
that you can learn, but nobody seems 
to have every answer.” @ 41566 
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Weighing the Change to 





Blades 
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| ware Inc.’s virtualization software], 
but when HP came out with its Gener- 
| ation 1 blades, it was the same price as 
VMware, and we’d really prefer hard- 
ware over software. That was the tack 
we took.” 
| — Also, Scott pointed out that blade 
servers have “a fairly nominal learning 
| curve.” HP offers software tools to aid 
| with blade server deployment, but 
these tools can also be used across 


| rack and tower servers. “So it’s not lim- 


ited to blades,” he notes. 





New advances are extending the range of applications 
for blade servers, but in many situations, a traditional server 
may still be the best choice. By Julia King 


S IBM, HEWLETT-PACKARD CO. 
and other system vendors push 
to market ever more powerful 
and lower-cost blade servers, 
evidence is mounting that these 
ultracompact servers may be 


ready to move beyond traditional appli- | 
| rector of blade server products at IBM. 
| Specifically, if a user is looking to de- 

| ploy fewer than five servers, blades 

| aren’t the right choice, he notes. 


cations such as Web server farms. But 
users and analysts say they’re more 
likely to coexist with traditional rack 
servers than they are to replace them. 
Blade servers reduce hardware com- 
ponents and save data center space by 
condensing the power and bulk of tradi- 
tional servers onto a single high-density 
circuit board. These typically plug ver- 
tically into a chassis that’s 3U or taller 


and slides neatly into a standard server | 
| databases, vendors say. 


rack. (A 1U device is 1.75 in. high.) 

Blade servers can also be more flexi- 
ble and easier to manage 
than traditional, rack-mount- 
ed servers. This flexibility 
comes from the ability to 
swap out different preconfig- 
ured blades into a single 
chassis as business require- 
ments change. 

But such advantages over compact 
1U servers so far haven’t — and 
shouldn’t — make blade servers the 
automatic choice every time, analysts 
and users say. 


A Different Architecture 


“There’s still a pretty considerable role 
in the universe not just for 1U servers, 
but for 2Us and 3Us,” particularly 
where there’s a need for local data 
storage, says Jonathan Eunice, an ana- 
lyst at Illuminata Inc. in Nashua, N.H. 
“When you get to blades, which are 
sub-U density, you start to lose the 
space to put in disk drives.” 

Some blades, such as IBM’s HS20, 
offer onboard support for a few disk 
drives. But most blades gain access to 


eee MC tN 

considerable role in 
BMT clescm ite) a TS 
for 1U servers, but for 
2Us and 3Us.” 


| storage through a Fibre Channel link 

| or across Ethernet. “That’s a different 

| architecture than many users are ac- 

| customed to, so blades mean a cultural 


shift to remote storage,” Eunice says. 
“There are times when a 1U [server] 


makes more sense,” says Jeff Benck, di- 


At the same time, developments in 


blades, such as the addition of more- 


powerful processors and new network 


| and storage connectivity options, are 
| enabling their deployment for a wider 


range of enterprise applications that 
must scale up instead of out, such as 


HP’s four-processor BL40p blade, 
for example, has dual on- 
board PCI-X slots that ac- 
commodate Fibre Channel 
host bus adapters for con- 
necting to large storage-area 
network (SAN) clusters 
used in running corporate 
applications, such as mes- 
saging or ERP systems, says Sally 


| Stevens, HP’s director of blade server 


platforms. “This line of blade servers 


| addresses enterprise-class applica- 


tions. We can hit all of the applications 


| a traditional server hits,” she claims. 


For Larry Scott, manager of server 


| support at Dollar Rent A Car Inc. in 
| Tulsa, Okla., cost was the primary 

| driver behind the company’s decision to | 
| move to HP ProLiant BL e-Class blade 
| servers for a range of applications that 
| includes front-end Web services to 

| midlevel data center applications. 


“Twelve months ago, when the 
whole industry was really constrained, 
[the ProLiant BL e-Class] was the low- 
est-end server you could get,” Scott re- 
calls. “Truthfully, we looked at [VM- 


Meeting Processing Needs 
Another blade user, Keith Grimes, 
chief technology officer at Memphis- 


| based Investigation Technologies 
| LLC, which does business under the 


name of Rapsheets, says he chose 


| IBM’s eServer BladeCenter to more ef- 


ficiently handle the ever-increasing 
processing demands of customers 
searching the 150 million criminal 
records in the company’s database. 

“We were using IBM cluster servers 
and clustering together four or five 
servers for redundancy and fault toler- 
| ance,” Grimes recalls. Now, Rapsheets 
| is running seven blades with dual Xeon 
processors that boot directly off a SAN. 
“There are no hard drives, and Blade- 
Center allows 14 blades to be on one 
Fibre [Channel] connection [to the 
SAN], thereby increasing the efficiency 
| of the processing power vs. the stor- 
age,” says Grimes. 

BladeCenter also makes it easier to 
do distributed processing, he adds. “We 
| may search a name up to 12 different 
| ways, flip-flopping first and last names 
| or using initials, and the way our appli- 
| cation is written, we can spin off the 
searches to different blades and let 
them operate on their own to optimize 
the database and then return all of the 
| results and aggregate them,” he notes. 
| “I can search by first name, last 
| name and date of birth and create an 
index. Then I can create another index 
on the last name and middle name. It’s 
faster than having both indexes on one 
database,” he says, adding that the 
turnaround time is less than a second. 

One downside to blades is that they 


| have problems with heat dissipation 


(see story, page 25). “IBM has actually 
installed a blower on the back of the 
blade chassis that can get pretty loud. It 
sounds like a small jet engine or several 
hair dryers taking off at once,” Grimes 
says. Rapsheets houses the server rack 
in a separate, air-conditioned room. 
Users considering migrating to blades 
should plan for their cooling require- 
ments accordingly, Grimes notes. 
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A aay of options 


Hewlett-Packard Co. 


@ Offerings: HP's BL series includes one: to 
four-processor blades with optional support 
for two onboard 2Gbit/sec. Fibre Channel 
host bus adapters in its BL40p blades. HP 
also offers a high-density, single-processor 
BL e-Class server line. 

# Differentiation: HP is the only vendor 
currently offering four-processor blades. 


@ Offerings: Dual-processor HS20 server 
blades for its BladeCenter line; IBM plans to 
introduce a four-processor blade with SAN 
connectivity later this year. IBM's blades 
include integrated Gigabit Ethemet. - 
Differentiation: IBM claims it was the first 
to offer an integrated Layer 2-7 Ethernet 
switch that plugs into its blade chassis. 


@ Offerings: The Sun Fire B1600 Blade 
Piatform supports up to 16 blade servers based 
on Sun UltraSpare processors or Intel Corp. 
x86 processors in a 3U chassis. The x86 
blades will run Solaris or Linux; Sparc blades 
run only Solaris. 

# Differentiation: Sun is the only vendor to 
offer mix-and-match operating system 
capabilities on its blades. 


Dell Inc. 


m Offerings: Dell's dual-processor 
PowerEdge 1655MC accommodates up to six 
server blades in a 3U chassis. 

s Differentiation: Dell touts its free Open 
Manage Remote Install tool that lets users 
set up and capture an image of the server 
operating system and transmit it across a 
network to configure new blades, 


RLX Technologies Inc. 


w Offerings: Offers blade servers that use 
both Transmeta Corp. and Intel processors. 
RLX ServerBlades plug into a chassis and 
include dual onboard Ethernet connections 
and up to two hard drives. its performance 
blades include support for dual 4x InfiniBand 
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Cruise Line 
Changes BI Tack 


Web-based reporting system promises returnsin 
sales, marketing and management. By Marc L. Songini 


N AN ATTEMPT TO NAVIGATE rough 
economic seas, Holland America 
Line Inc. is trading its cumbersome 
old big-iron-based business intelli- 
gence reporting system for a Web- 
based one that end users can more 
easily and flexibly access. 
The move was triggered by 
the Seattle-based cruise compa- 
ny’s decision to use improved BI 
tools in order to make an addi- 
tional $1 million annually through 
more efficient sales, marketing and 
revenue management. This required 
changes to its existing reporting and 
analysis system. 
Prior to launching the upgrade to 


| the new reporting system a year ago, 


the information systems staff needed 
to access operations information from 


| the company’s IBM S/390 mainframe 


and format it into reports, says Jon 
Dawson, Holland America project 
manager. 

The reports included every- 
thing from small, ad hoc in- 
quiries to major “canned” re- 
ports that were prepared weekly 

to assess the company’s revenue and 
inventory performance, says Paul 


| Grigsby, senior revenue manager at 


Holland America. 
To improve this system, Holland 
America installed software from Infor- 


Middleware. 
It’s at the movies. 





mation Builders Inc., a New York- 
based BI software maker. Dawson says 
the cruise company implemented In- 
formation Builders’ WebFocus analysis 
tool to connect to the mainframe 
through an adapter and pull out the 
relevant information for queries and 
reports. The application, which runs 
on a Sun Microsystems Inc. box with a 
single CPU, uses extract, transform 
and load data-prepping technology for 
use with Microsoft Excel or Word. The 
system also includes WebFocus Re- 
porting Server, which enables users to 
do analysis, reporting and querying. 
Dawson says that turning around re- 
port requests previously took up to 
two days. Using the WebFocus BI dash- 
board, Holland America’s IS staff can 
fine-tune parameters and turn over re- 
ports to end users almost immediately. 
Some end users even make their 
own reports. But in order to do that 
they need to be trained and, as Dawson 


| says, “spend the time to get to know 


the data.” 
According to Grigsby, WebFocus is 
primarily used by revenue manage- 


| ment personnel for the smaller reports, 


whereas IS staffers working off the 
mainframe still handle the bigger ones. 


Starting Slowly 
“We’re still growing the system,” says 
Dawson. “It’s the tip of the iceberg.” 

For instance, Holland America is 
working to define the data needed 
from the ships to analyze onboard 
spending by department and for spe- 
cific excursion purposes. The compa- 
ny is facing limitations because of the 
size of the existing database system, 
says Dawson, so it plans to load the in- 
formation into an Oracle Corp.-based 
data warehouse by December. 

End users are already noticing a dif- 
ference. A report that required coding 
and printing by IS staffers and took 
days to complete now takes just min- 
utes to run with WebFocus on a PC, 
says Grigsby. “And this is where the 


flexibility comes into play,” he adds. “If 


I wish to see a different view of the 


| same information, I can simply change 


the sort sequence or introduce new 
fields into the inquiry without having 
to formally request a new report from 
the information systems department. It 
makes both my time and the informa- 
tion systems department’s time more 
efficient.” 

The reports are indeed more flexible 
and easier to get to, says Teresa Ten- 
nant, manager of online communica- 
tions for the shore excursion depart- 
ment at Holland America. Currently, 
the IT department and a BI specialist 
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Seattle 


ants e) 
were unable to access useful data 
easily, which was costing the 
Prey ALLL) A 


The company 
replaced.a mainframe-based 
business intelligence reporting 
system with a Web-based reporting 
and analysis system. 


prepare reports for her, but Tennant 
plans to be trained to prepare them 
herself. 

After the report is written, she can 
get it by logging into a Web site and 
accessing it in whatever format she 
wants — Excel or Word document or 
PDF. Tennant needs several types of 
reports for her work and she’s able to 
select them from a complete menu. 

“It’s very handy. I can drill down into 
complete details of the booking by 
travel agency and individual,” she says. 

There was some doubt among the 
company’s end users when the project 
began, says Grigsby. “We are yield 
managers, not computer programmers, 
and I was frankly suspicious about 
putting the reporting function in our 
hands,” he explains. “However, after 
training and a goodly amount of trial 
and error, we began to see the rewards 
of empowering the end users.” 

Given current conditions in the trav- 
el industry, which has been squeezed 
by factors like the SARS outbreak, the 
war in Iraq and the down economy, 
Holland America needed to be able to 
rapidly identify and track industry 
trends, says Bill Hostmann, an analyst 
at Gartner Inc. in Stamford, Conn. 

The real value of the new system at 
Holland America, Hostmann says, “is 
how it makes it easier to develop and 
distribute business management infor- 
mation to more users in a timely fash- 
ion around the world than ever before 


| and thereby more fully leverage exist- 


ing IT investments.” @ 41567 
We're still growing 
the system. It’s 

the tip of the iceberg. 


JON DAWSON, PROJECT MANAGER, 
HOLLAND AMERICA 
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ect-Oriented 


rogramming _ 


DEFINITION 


Aspect-oriented programming is a new way of creating 
common or similar functionality needed by different 
parts of a program. Programmers describe needed 
behavior in modules called aspects and then rely on 
specialized AOP mechanisms to weave or compose 
them into a coherent program. 


BY RUSSELL KAY 
O UNDERSTAND aspect- 
oriented programming 
(AOP), let’s first take a 
look at two models of 

labor union organization in 

the U.S. The old American 

Federation of Labor organized 

workers vertically, according 

to their particular craft or 
trade. Thus, a large company 
might have dozens or hun- 
dreds of unions to deal with, 
each representing a specific 
group of workers. The 
younger Congress of Industri- 
al Organizations, on the other 
hand, organized a single union 
for all workers in a given in- 
dustry regardless of their indi- 
vidual trades. 

Under the AFL ap- 
proach, each separate 
craft union needed its 
own officers and orga- 
nizers, and each would 
have to negotiate separately 
with management. The CIO’s 
horizontal approach, however, 
cut across the different trades; 
it could provide similar ser- 
vices and benefits for all work- 
ers in a company en masse. 

Traditional programming 
methodologies, even struc- 
tured and object-oriented ap- 
proaches, are vertical or hier- 
archical in nature, like the AFL 
model. For any given applica- 
tion, there are a number of 
common operations that, be- 
cause of minor differences in 
their logic, the way they’re 
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| handled, the other modules 


they interact with or the data 


| they use, must be programmed 


separately. With AOP, the idea 
is to look at these operations 
and abstract them in sucha 
way that they can be called 


| from anywhere. 


Method Calls 


AOP uses a new type of soft- 
ware module, called an aspect, 
that cuts across traditional 
classes and organizational 
models. The essence of AOP 
is that every object-oriented 


program, well designed or not, 


contains some method calls 
that appear in several places 
throughout the program. 
Method calls trans- 
fer control to a specif- 
ic closed subroutine 
within a program. If 
you change the call to 
a particular method or 
its error-handling routine, you 
may need to make changes in 
every occurrence of this call 
— potentially requiring hun- 
dreds or thousands of manual 
edits. Such crosscutting typi- 
cally occurs in distribution, 
synchronization, failure han- 
dling, policy enforcement and 
performance optimization, as 


| well as in a number of com- 


mon design patterns. 
Prior to AOP, developers 


| found it difficult to deal with 


this crosscutting behavior, be- 
cause separate pieces of iden- 
tical or nearly identical code 


were scattered throughout 


many different modules. AOP 
lets you program an aspect 


| once and then reuse it. AOP 


encapsulates behaviors that 
affect multiple classes into 


| reusable modules. A code 


weaver (which can be an inter- 
preter, compiler or preproces- 
sor) then combines the aspects 
and the classes appropriately. 
Some developers have been 


| concerned because when you 
| make a change in an aspect, 


there’s generally no simple 
way to know which modules 
will be affected by it. But AOP 
integrated development envi- 
ronment extensions address 
this problem, making it possi- 
ble to browse the crosscutting 
structure of aspects. 


3-D Programming 
From their earliest days, 
programming languages and 


| methodologies have used 
various kinds of modular 


construction, such as sub- 


| routines, functions, proce- 
| dures and objects. 


Modularity made programs 


| easier to write and debug and 
| allowed reuse of sections of 


code. Previous forms of modu- 


| larity are, however, primarily 


hierarchical — layers of proce- 


| dure libraries, object-oriented 
| class graphs and others. AOP 
| adds to this the ability to work 


with a modular structure that 
cuts across these hierarchies. 
Another way to look at AOP 


| programming is by relating it 


to dimensionality. Procedural 
programming deals with all 
concerns in a line. Though we 
can move pieces of code into 
different functions, the main 
stream still controls the entire 


process. This is the linear, one- 


dimensional model. 


| QuickStudies, go o to 
| computerworld.com/quickstudies 


“USING AGP 


When object-oriented pro- 
gramming is introduced, we 
can present the world in com- 
puter language in a more nat- 
ural way by describing differ- 
ent objects and their func- 
tions. Connections between 
different objects form a net- 
work. We can think ef this as a 
2-D model. 

AOP recognizes that this 
model needs more dimen- 
sions, because crosscutting or 
distributed code can be seen 
as making extra connections 
that can’t be mapped in a 2-D 
space. AOP connects program 
components in a 3-D way 
without disrupting existing 
connections and relationships. 
@ 41505 
Kay is a Computerworld con- 
tributing writer in Worcester, 
Mass. Reach him at russkay@ 
charter.net. 
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An AOP Glossary 


ADVICE: Code that runs after 
certain conditions are met. Ad- 
vices allow you to transparently 
apply things like logging and 
metrics to an object model. 
ASPECT: A construct, resem- 
bling classes, for addressing 
concerns that cut across class- 
es. An aspect can contain meth- 
ods and fields, extend other 
classes or aspects, and imple- 
ment interfaces. 

CONCERN: Some functionality 
or requirement necessary in a 
system that may or may not 
have been implemented in a 
code structure. Concerns can 
range from high-level notions 
like security and quality of ser- 
vice to low-level notions such as 
caching and buffering. They can 
be functional, like features or 


business rules, or systemic, such as 
synchronization and transaction 
management. 


CROSSCUTTING: Two concerns 
crosscut if the methods related to 
those concerns intersect. An aspect 
crosscuts the traditional class and 
method boundaries by applying the 
same code in each. 


INTERCEPTOR: Used to implement 
an advice in JBoss 4.0, a popular 
Java application server. 


INTRODUCTION: A way to add meth- 
ods or fields to an existing class, to 
bring multiple inheritance to plain 
Java classes or to attach a new API 
to an existing object model. Used in 
JBoss 4.0. 


JOINPOINTS: Points, or hooks, in a 
program's execution where en- 
hancements can be added or behav- 


iors attached. For example, 
joinpoints could define calls to 
specific methods in a class. 
METADATA: Additional infor- 
mation that can be attached 
to a class or a given instance 
of an object, either statically or 
at runtime. Metadata helps 
when writing truly generic as- 
pects that can be applied to 
any object, but the logic needs 
to know class-specific infor- 
mation. 

POINTCUTS: Program con- 
structs that designate join- 
points and collect specific con- 
text at those points. 

WEAVE: To assemble an indi- 
vidual concern into a process 
by interlacing different execu- 
tion-logic fragments according 
to some supplied criteria. 
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Mop-up Continues 


In 


Without automated tools in place, patch 
and virus signature update compliance 
become increasingly difficult to manage. 


By Mathias Thurman 


T HAS BEEN MORE than a 

month since the Blaster 

worm hit, and my company 

is still having problems. 
The main one is that we have 
thousands of desktops and my 
security team and I don’t have 
a strong and fully automated 
way to identify and track up- 
dates on them. 

This situation is a nuisance, 
if not a crisis. We 
know what to do, and 
we’ve communicated 
the need to keep up- 
dates current to all 


don’t always happen 
the way we'd like. 

We’ve made some network 
configurations within our 
routers to limit the damage as 
much as possible, but in some 
instances that has prevented 
legitimate business activity 
from occurring. In some of 
those cases, we’ve had to re- 
move added access-control 
lists because it’s more impor- 
tant to have revenue-generat- 
ing functions working than it 
is to prevent the Blaster worm 
from propagating. 

Another challenge I face is 
political. At other companies 
where I’ve worked, the desk- 
top support group was respon- 
sible for virus removal and 
prevention, while the IT secu- 
rity group tracked down the 
source of any malicious activi- 
ty. I never wanted the security 
team to be the focal point for 
virus eradication within the 
organization, but detection 
and eradication have morphed 
into IT security department 
responsibilities. I’d like to 
change that, but if I start try- 
ing to shift responsibilities at 
this stage of the game, I'll only 


generate resentment from oth- 
er organizations. So, my 


| 
| 
| staffers — all four of them — 
| 
| 
| 
| 


are stuck dealing with virus 
updates and patches for nearly 


| 10,000 desktops. That said, we 


| 
| 
| 
| 
| 
| 
| 
| 
| 


are making progress. Hopeful- 
ly, within the next week we'll 
have cleaned up the environ- 
ment completely — until the 


| next variant comes along. 


pA es 


SECURITY 
MANAGER'S 
employees, but things JOURNAL 3 


ise 


Other than the 
Blaster fallout, this 
week was fairly qui- 
et. I haven’t started 
looking for a re- 
placement for our 
recently departed 
security engineer 


| because management has 


asked that I hold off hiring un- 


| til the end of the year. In the 
| meantime, I have authoriza- 
| tion to hire a consultant if 
needed. 


I’ve had good luck with con- 


| sultants in the past. The only 


problem is that they eventual- 


| ly leave. At that point, if the 
| consultant hasn’t generated 
| the proper amount of docu- 


mentation and transferred 


| critical knowledge to the staff, 
| we're left with an unmanage- 
| able project. 


In one case, I hired a consul- 
tant to build intrusion-detec- 
tion sensors. No one was 


My staffers — all four of 


| them - are stuck dealing 


with virus updates and 
patches for nearly 
10,000 desktops. 





working with the consultant, 
however, and when he left, he 
didn’t show us the configura- 
tion or give us the passwords 
to the system. Luckily, we 
were able to call him back in, 
and he provided that informa- 
tion free of charge. 

We now have very strict 
agreements that specifically 
identify documents that must 


| be produced each week so that 


we don’t run into such prob- 
lems in the future. 


Keeping Up to Date 

I decided to take advantage of 
the lull in activity within my 
department to review our 
server baseline images to 
make sure we’re keeping up 
with patches and other config- 
uration issues that affect both 
our “jump-start” infrastruc- 
ture for new installations and 
the retrofit of our existing sys- 
tems. I also examined our net- 


| : 
work infrastructure to ensure 


that the same controls are in 

place for our networking gear. 
Within the department, we 

have been keeping track of ad- 


| visories and patch releases 


from our major operating sys- 
tem, hardware and software 
vendors. We typically do this 
by subscribing to various au- 
tomated advisory services and 


| visiting certain Web sites. We 
then forward the advisories to 


the relevant departments for 
implementation. 

For example, Cisco last 
week rereleased an advisory 


| that it first announced in July 


relating to the potential for 
denial-of-service attacks on its 


| Catalyst switches. I forwarded 


the advisory to our network 


| group, but I never followed up 
| to ensure that the appropriate 


software updates for the Cata- 


| lyst switches were installed. 


The network engineering 
department maintains a list of 
all our routers and switches. I 
selected a group of switches at 


orm Aftermath 





random and asked one of the 
network engineers to capture 


| the configuration data by issu- 


ing the “show running config” 
command and to send the re- 
sults to me by e-mail. 

Unfortunately, this clunky 
method is the quickest way for 
me to verify that our switches 
aren’t susceptible to this vul- 
nerability. At some point, we 
will invest in patch manage- 
ment software, but that didn’t 
make this year’s budget. 

After reviewing the list of 


| switches, I found that quite a 


few hadn’t been upgraded. 
However, this was mainly due 
to the fact that Cisco hadn’t 
supplied the maintenance re- 
lease for one particular ver- 
sion of the switch. In lieu of 


| that, our network engineers 


took mitigating steps by con- 
figuring access-control lists on 


| 
the switches to allow only le- 


gitimate workstations to con- 
nect to the administrative port 
on the switches. 

I also checked on a recent 
vulnerability in the Solaris 9 
file transfer protocol server 
software. The FTP server is 
based on WU-FTPD, a file- 
transfer program from Wash- 
ington University in St. Louis. 

The program has a buffer 
overflow vulnerability that an 
attacker can exploit to gain 
unauthorized root-level ac- 


cess. This can be remedied 


with a patch. I reasoned that if 
I checked our FTP servers for 
the presence of the patch and 
found it to be consistently in- 
stalled, I could assume that 
the systems administrators are 


| attending to patch manage- 
| ment on a regular basis. Once 


we get our hands on some 
patch management software, 
we hope to automate the au- 
diting of our infrastructure. At 
this point, I’m looking for sug- 
gestions. But there’s no sense 
moving forward until we have 
a budget for this in place. D 


_ WHAT DO YOU THINK? 


This week's journal is written by a real securi- 
ty manager, “Mathias Thurman,” whose 
name and employer have been disguised for 
obvious reasons. Contact him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum. QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
@ computerworld.com/secjournal 





www.computerworld.com 


UN 


Start-up Layer 7 Technologies 
Inc. has introduced Secure- 
Span Solution, a set of prod- 
ucts for securing and connect- 
ing Web services that includes 
a gateway appliance, a soft- 
ware policy manager and an 
agent technology. 

SecureSpan Gateway en- 
forces security and access 
policies across multiple end- 
points, while SecureSpan 
Manager creates and manages 
the policies and routes them to 
agents that sit on the endpoint 
(the consumer of the Web 
service). 

The gateway can deliver a 
different set of policies for 
each endpoint, according to 
the Vancouver, British Colum- 
bia-based company. 

Layer 7 co-founder and 
Chief Technology Officer 
Toufic Boubez co-authored the 
UDDI service discovery proto- 
col and was once the chief 
architect for IBM’s Web ser- 
vices initiatives. 

SecureSpan Solution, 
priced at $100,000, will be 
available this month. 
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N 2000, the CIO Magazine Tech Poll reported 
a 22% annual growth rate in IT budgets. The 
same poll has recorded growth rates below 2% 
from January 2002 to the present. 

For the past two years, CIOs have persis- 
tently predicted a resurgence in IT spending. But the 
harsh reality is that chief financial officers now dic- 
tate IT spending, and they will throttle IT budgets 
until there’s hard evidence that IT delivers profits. 


How CFOs can extract 
proof of IT profitability 
is a source of puzzle- 
ment. During the years 
of easy IT money, the 
established procedures 
for capital budgeting 
couldn’t cope witha 
growing appetite for 
computerization. Now 
that companies have 
slammed on the brakes, 

CFOs are searching for 
new ways to harness IT. 

The most elaborate 
scheme yet is the one the 
Office of Management and Budget 
conceived for constraining the more 
than $57 billion in annual federal IT 
spending (or $32,000 per employee). 
OMB efforts, conducted under the 
federal enterprise architecture and 
e-government strategies, are scripts 
for imposing order and uniformity 
on an IT landscape that comprises 
more than 100 independent agencies 
and includes more than 5,000 major 
projects. The OMB plan reflects the 
thinking of many CFOs and is there- 
fore worthy of attention. It would do 
the following: 

1. Impose a standard method for classifying 
IT expenses. An elaborate business-ref- 
erence model defines how to de- 
scribe the business operations of the 
federal government. The purpose is 
to capture information about any du- 





plication of efforts. 

2. Prescribe a self- 
appraisal method for charac- 
terizing the performance of IT, 
with an emphasis on identify- 
ing system deficiencies. The 
purpose is to identify 
targets where IT spend- 
ing must be examined. 

3. Require classification of 
governmentwide standard IT 
components to enable consoli- 
dation of application develop- 
ment. The purpose is to 
set the stage for central- 
ized procurement of 


| software and services. 
4. Direct IT organizations to conform witha | 


technical reference model for reuse of tech- 


| nology. The purpose is to establish fa- 


vorable conditions for creating a 


| shared infrastructure that would 
| save money. 


5. Require the submission of a “business 
se” for every project. It’s through the 


| scrutiny of such business cases that 


the CFO intends to assert budgetary 


| controls. OMB officials have already 
declared that “771 projects in FY04 
| budget (for $20.9B) are ‘at risk’ and 


will not be allowed to proceed.” So 
how do OMB budget examiners sort 


| out which of the more than 5,000 


projects are at risk? 

The so-called business-case forms 
have been conceived by auditors 
for budget examiners. For each proj- | 


A. STRASSMANN 


nding: 


‘The 
Back 


ect, the CIO of the organization 
must fill out a form containing 132 
detailed questions about the best 

IT practices ever conceived by con- 
sultants. The checklist covers topics 


| such as demonstrated fit with busi- 

| ness strategy, linking to manage- 

| ment plans, support of a moderniza- 
| tion strategy, demonstration of low- 
| risk acquisition methods, proofs 

| of strong project management, clos- 

| ing of performance gaps, assurance 

| of security over a project’s life cy- 


cle, privacy protection, paperwork 


| reduction, management of risk- 
| adjusted life cycle costs — and 


many others. 
For good measure, the business- 
case forms require documented con- 


| firmation of compliance with a long 


list of regulatory and legislative 


| measures. 


To sort out which projects are at 
risk, the OMB follows a routine pro- 
cedure. First, each item for every 
project is rated on a scale from | to 5. 

Second, added 
up, regardless of their importance, 
though a poor score in a few select- 


all of the scores are 


ed areas (such as security) will au- 
tomatically disqualify the entire 
project. If the scores fall below pre- 
defined levels, the project is classi- 
fied as being at risk and scheduled 
for further examination. Projects 
with low scores won't be funded. 

How effective is the OMB method- 
ology in delivering the stated objec- 
tives of savings through sharing of 
IT resources? One way of judging 
that is to examine the OMB schedule 
of fiscal 2004 governmentwide shar- 
ing of IT. If you remove unique 
Homeland Security Department 
projects, you end up with only 0.21% 
of the total federal IT budget as ben- 
efiting from synergy through shar- 
ing. I guess that leaves the OMB — 
like many CFOs — with the hatchet- 
on-a-pole method of IT budget prun- 
ing and management. @ 41348 
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OK, our marketing is not 
as good as our technology. 


Business Intelligence Vendor Rating 
Marketing Rating Technology Rating 
MicroStrategy kk x keke 
Cognos Kwek xn 





Business Objects kwenwnk x kk 





Fortunately, our 2,000 enterprise-class customers buy 
our technology, not our marketing. 


See what a real business intelligence platform can do for you. 
Order a FREE copy of “Applications of Industrial-Strength Business Intelligence” today. 
Visit www.microstrategy.com or call 1-866-866-MSTR. 
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USINESS INTELLIGENCE — the collection 

and analysis of a company’s most valuable 

data — seems an unlikely task to farm out 

to contractors. But some companies are 

doing exactly that. Why? Because they 

lack the in-house skills needed to perform 
statistical analysis or maintain a data warehouse. 
And if you want to turn BI over to the experts, 
there are more options than ever — along with 
the same big worry: losing control of your data 
quality. 

At Canon Information Technology Services in 
Chesapeake, Va., the technical support subsidiary 
of Canon Inc., the decision to outsource data 
mining and analytics was simply a case of finding 
people with the right expertise at the right cost. 

“I had been doing [basic] analyses on Excel 
spreadsheets of our customer feedback data,” 
says Mike Larson, assistant director of product 
and process quality at Canon ITS. But he wanted 
more power to do full-fledged data mining and 
the ability to give support managers online access 
to reports. 

“Our analytic expertise, when ic comes to slic- 


= ? 2 | ing and dicing information, is just not that deep,” 
= —— Larson says. So that left him with two options: 
a ae aa : D buy packaged analytic software or outsource. 


“Our analytic expertise . . . is just not that deep” and outsourcing was cheaper, says Canon ITS’s Mike Larson. After looking at what it would cost to buy the 
applications and infrastructure and hire addition- 


| al staff, Larson explains, Canon ITS concluded 

| that it would cost at least twice as much to do the 
work in-house as it would to hire CustomerSat 
Inc., an application service provider in Mountain 
View, Calif. The ASP’s clients pay annual hosting 
fees of about $100,000 on average, according to a 
CustomerSat spokesman. Canon ITS signed a 
one-year contract in April, and the service went 

| live in June. 


Each night, CustomerSat uploads data from 


| Canon ITS’s two CRM systems, which handle 

phone and e-mail support. A typical data set in- 
cludes items such as customer name, description 

| of problem, product purchased and type of inter- 
face employed. 

“Data quality is a very hot issue for us,” says 
Larson. “The data we export to CustomerSat is 


just part of a bigger initiative” that involves tak- 


Whether you choose to farm out all or part Of YOUF —tbicintousecosomer dattases "Wesercen 


for things such as duplicate names and bad e-mail 


BUSINESS INTELLIGENCE, youneedtomake sure | stiss"tsy. And tanon dos ome wei 


ing on his own, such as setting up business rules 


the quality of your data won't suffer. BY MARK LEON | °°" continue on page 4 
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Middleware is Everywhere. 


site =e OT ee ho eb lee ) 
so all the United States and or othe 


1. Automatic overview of operation. 
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CustomerSat generates 
daily, in-depth question- 
naires that go out to a ran- 
dom sampling of Canon 
ITS customers, and Lar- 
son keeps an eye on the 
process and sample sizes. 
The responses are loaded 
into the hosted database 
and later viewed as re- 
ports and graphs via a 
standard browser. 

“A few years ago, you 
really couldn’t do any cus- 
tomization on your appli- 
cation if you chose to go 
with an ASP,” says Guy 
Creese, an analyst at Ab- 
erdeen Group Inc. in Bos- 
ton. “ASPs now give you 
far more options. It is no 
longer take it or leave it.” 

Although Larson is hap- 
py with his service pro- 
vider, he says Canon ITS might even- 
tually bring some of the analytics back 
in-house. He says the company is 
“looking at some bigger projects in- 
volving more demographic analyses” 
and is considering buying analytic 
software from a vendor like Cognos 
Inc. or Business Objects SA for those 
efforts. 

This hybrid approach to BI is be- 
coming a trend, says Creese. “I think 
we will see more of this: You out- 
source where it makes sense and keep 
the rest in-house.” 


ETL Is Heavy Lifting 


Canon ITS, in fact, keeps the primary 
customer data source in-house in a 
PeopleSoft Inc. CRM system that feeds 
the CustomerSat database. Larson says 
the next step will be to complete the 
circle and allow CustomerSat to re- 
populate the PeopleSoft system with 
data mined from the hosted database. 
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Even in this distributed architecture, | 


Canon ITS keeps the central data 
warehouse on-site and maintains pri- 
mary control over data quality. But 
that’s still a lot of work. Most compa- 
nies that take full responsibility for 
their data warehouses need staffs 
trained in BI and extract, transform 
and load (ETL) tools, as well as a real- 
istic perspective of the effect that a 
new project will have on employees 
and the business. 

However, Creese says that it often 
makes sense to outsource the entire 
data warehouse. “Maintaining a data 
warehouse with all the ETL functions 
is heavy lifting,” says Creese. “But of- 
ten it can be treated as a standard, util- 
ity service. So why not outsource that 
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piece and keep the front- 
end analytics, the stuff 
that encapsulates your 
business, in-house?” 

That’s what Synovus 
Financial Corp. did. “We 
wanted to mine our bank 
customer and product 
data more deeply,” says 
Jeff Kennedy, director of 
information systems at 
Synovus, a $19 billion fi- 
nancial services holding 
company in Columbus, 
Ga. But, he adds, “sup- 
porting a data ware- 
house, scrubbing and 
loading all that informa- 
tion, is not something we 
have ever done in the 
past, and we had no rea- 
son to think it was some- 
thing we wanted to take 
on in the future.” 

In June 1998, Synovus outsourced an 
operational data warehouse to Meta- 
vante Corp., a Milwaukee-based pro- 


| vider of technology products and ser- 
| vices for the financial services indus- 
| try. The database supported standard 
| functions like balance reports and au- 


dit-letter generation, says Kennedy. 
“But we knew we would need a new 


database design to do more advanced 
| analyses on things such as behavior 
| within a portfolio or loan origination,” 


BUILDING 
TRUST 


A SPIRIT OF PARTNERSHIP pervades 
an outsourced business intelligence deal 
at Volvo Cars of North America LLC in 
Irvine Calif. 

It all started in 1999, when Volvo turned 
a marketing data warehouse over to 
Harte-Hanks Inc. in San Antonio. 

“This is one of a limited number 
of partnership arrangements we 
have,” says Phil Bienert, manager 
of CRM and e-business at Volvo. 

“By this | mean we commit to a 
multiyear contract.” 

He says it also means that there's a 
built-in understanding that goes beyond 
anything in writing. “We state publicly 
that Harte-Hanks is our agent of record 
for customer analytics, and we expect 
that Harte-Hanks will give us additional 





CASE 
STUDY 


he says. “And we wanted this to sup- 
port all 40 of our banks.” 

In October 2001, Kennedy and his 
team fleshed out the specs to build a 
new analytic data warehouse. They 
met with some resistance from Meta- 
vante over the need to replace the data 


| warehouse, Kennedy says, but eventu- 
| ally collaborated on the design and 
| testing. “The result was a database 


built in a star schema structure — and 
still hosted by Metavante,” he says. 


| Synovus, however, kept the data min- 


ing applications in-house and is using 
Business Objects software with a 
browser interface on the front end. 


Trust and Partnership 
Synovus has moved five of its 40 banks 
onto the new system and expects to 
migrate the remainder by next sum- 
mer. Kennedy says the new data ware- 
house more than pays for itself. 

“We estimate that the analytics we 
run save us $250,000 over and above 


what we pay Metavante for the ser- 


vice,” he says. But, savings aside, this 
process involves turning sensitive data 
over to someone outside the company. 
Kennedy says it’s OK to do that, pro- 
vided you trust the outsourcer. 

“With our collaboration on the ana- 
lytic data warehouse,” he says, “Meta- 
vante proved to us that we can work 
through disagreements together. We 
built a partnership. Their real value is 


support on-site,” says Bienert. “We ex- 
pect that they will supply us with a 
steady stream of good ideas and that 
they won't rip us off. You can’t put all this 
in a contract.” 

Analyzing customer data wasn’t Vol- 
vo's core competency, so it made sense 
to find a partner. The automaker is very 
good at keeping track of its cars, but it 
needed to “build a customer-centric 
view of the world,” says Bienert. And the 
company needed someone who could 
build and host all the pieces, the data 
warehouse and the applications, mining 
and analytics. 

Bienert and his staff run simple 
queries and reports on demo- 
graphics and sales using a dash- 
board developed at Harte-Hanks. 
For more sophisticated analyses, such 
as predictive modeling to support new- 
vehicle launches, Volvo turns it all over 
to Harte-Hanks. 

But Harte-Hanks’ project managers 
keep the communication pipe open with 
Bienert and his database manager. It's 
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in updating the data warehouse on a 
daily basis, and we are confident that 
our data is in good hands.” 

One of the things all of these deals 
have in common is flexibility. For ex- 
ample, in its hybrid arrangement, Syn- 
ovus could have chosen to outsource 
the entire BI front end. 

“Outsourcing BI, or anything else, is 
far richer than it used to be,” says Ab- 
erdeen’s Creese. “It wasn’t that long 
ago when your options were to choose 
between IBM or EDS to come in and 
run your entire IT shop for $40 mil- 
lion.” 

Canon ITS chose to keep its primary 
data store in-house, and the company 
still keeps close tabs on the quality of 
data being outsourced. Synovus turned 
over the maintenance of its data ware- 
house, but only after the outsourcer 
went the extra mile to prove itself wor- 
thy of the trust. 

And neither company has relin- 
quished the ability to monitor data 
quality. “If you outsource your ability 
to do this, you have gone too far,” says 
Mark Sullivan, managing director at 
BearingPoint Inc. (formerly KPMG 
Consulting) in McLean, Va. “At the end 
of the day, it is still all about the data. If 
the data is flawed, no provider can give 
you good BI or satisfy your SLA [ser- 
vice-level agreement].” @ 41235 





Leon is a freelance writer in San Francisco. 


critical, says Bienert, to make sure that 
the Harte-Hanks team knows what Vol- 
vo's priorities are. “Trends change quick- 
ly in the auto business,” he says. “What 
is hot today may not be tomorrow.” 

Bienert wouldn't talk about the value 
of the Harte-Hanks contract, but he says 
Volvo conducted an extensive study be- 
fore signing the deal. “We determined 
that it would be significantly cheaper and 
more effective to go outside,” he says. 

Harte-Hanks’ fees vary, ranging from 
$5,000 to $100,000 per assignment, 
according to a company spokesman. As- 
signments vary in duration and scope, 
but they typically involve things like cus- 
tomer segmentation analysis. Multiyear 
contracts with clients such as Volvo will 
involve several assignments. 

Dan Rubin, vice president of analytics 
at Harte-Hanks, says the Volvo project is 
a popular one at his company. “Our peo- 
ple really want to work on this account. 
In fact, we have people here who have 
been on it longer than anyone at Volvo.” 

~ Mark Leon 
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riculture 


Cultivating 


E-business 


By Matt Hamblen 


HE AGRIBUSINESS industry has- 

n’t been an IT leader, but it’s 

making up for lost time with an 

ambitious effort to harness the 
efficiencies of e-business. 

More than 60 leading agricultural 
companies recently created an inte- 
grated database of information about 
farm-related manufacturers, distribu- 
tors and products. The new database 
will be used for tracking agricultural 
products (including potentially lethal 
materials) through the supply chain 
and serve as a building block for effi- 
cient e-business industrywide. 

The companies involved, including 
Monsanto Co. in St. Louis and Dow 
AgroSciences LLC in Indianapolis, are 
members of Washington-based non- 
profit consortium Rapid Inc., which 
launched the Agriculture Industry 
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Identification System (AGIIS) on Aug. 
ll. Covansys Corp. in Farmington Hills, 
Mich., created the database and will 
manage it for the consortium, says 
Rapid CIO Rod Conner. 

The main benefits to members will 
be efficiencies in generating orders 
and sales reports, as well as the ability 
to track inventory and be better stew- 
ards of products that can have major 
environmental impacts, Conner says. 

Rapid had managed three separate 


| industry databases with the help of 


three different contractors starting in 
1995, and it combined them to form 
AGIIS. Over three years, AGIIS will cut 
the cost of managing those databases 
from $3.5 million to $1.9 million, esti- 
mates Conner. The savings will more 
than pay for the nearly $1 million de- 
velopment and infrastructure cost of 





AGIIS, he says. 

Reducing costs was a big reason why 
Rapid’s 15-member industry board 
pushed for the project, Conner says. 
But the board also wanted to help its 
members make better use of the data 
and to develop a central repository 
that would be useful to non-U.S. 
businesses. 

“Agriculture is not a technology 
leader, typically, but now that our 
member companies are seeing the ben- 
efits of e-business and related tech- 
nologies in other divisions of their 
companies, they are now moving [IT 
into] agriculture” activities, he says. 

One side benefit is that with AGIIS, 
private businesses should be able to 
help homeland security officials and 
others prevent tainted food supplies 
from ending up on grocery shelves and 
track products such as fertilizers, 
which can be used to make bombs, 
says Brent Kemp, a senior analyst at 
Southern States Cooperative Inc., a 


| Rapid member in Richmond, Va. 


“After the Oklahoma City bombing, 
there was a great security concern 
about ammonium nitrate, and with 
AGIIS we can potentially get down to 
what lot of fertilizer was sold, where it 
came from, when, who picked it up and 
who was responsible for it,” Kemp says. 

“Our dream is that a consumer could 
look at a can of tomatoes, scan it and 
know every step in that can’s life, from 
where the tomatoes were grown, to 
who canned it and potentially how 
much rain fell that growing season,” 
he adds. 


Consolidating Business 
Mandates for such information are 
growing, Kemp points out. Manufac- 
turers are beginning to require it from 
growers, while buyers in Europe insist 
on knowing which foods have been ge- 
netically altered. 

Some companies have already re- 
ported that they’ve been able to elimi- 
nate paper-based processes as a result 
of using AGIIS, says Connor. St. Paul, 
Minn.-based Agriliance LLC, the 
largest agricultural cooperative in the 
U.S., told Rapid in August that it had 
processed 16,000 orders with the new 
XML capability in AGIIS, taking the 
standard time for a bulk order of prod- 
ucts down from 12 minutes to less than 
30 seconds, Conner says. That has en- 
abled Agriliance to move some order 
entry personnel to other tasks. 

Members of Rapid have a “keen in- 
terest” in not giving away competitive 
advantages, Kemp says, but members 
“in general are agreed that it’s in 
everybody’s interest to have a common 
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frame of reference for tracking prod- 
ucts and seeing who is shipping and 
receiving. The data itself doesn’t pro- 
vide a competitive advantage, but how 
you use it does.” 

Southern States, a farm supplier 
with 1,200 dealers and 68,000 cus- 
tomers, hasn’t yet seen direct benefits 
from AGIIS, Kemp says, but it hopes 
that further enhancements, such as the 
adoption of Web services technology, 
will help feed bar-code information di- 
rectly into warehouse systems. 

The next steps for AGIIS include ex- 
panding its use to agricultural compa- 
nies outside the U.S. and to companies 
in related industries, Conner says. 

The main value of AGIIS is that it 
will be a building block for e-business 
initiatives in the agriculture industry, 
says Andrew White, an analyst at Gart- 
ner Inc. White says AGIIS shows that 
agribusiness is moving forward with 
e-business and supply chain technolo- 
gy, placing the sector behind the elec- 
tronics industry but ahead of the 
apparel industry. 

“The real purpose of this kind of 
project is not for one company to do 
better than any other but for the indus- 
try as a whole to take a big chunk of 
cost out of it,” White says. The biggest 
benefit of AGIIS will be a reduction in 
transaction costs by making the data 
understandable to all users, he says. 

That’s the advantage of having a 
standard product directory. “When I 
say ‘a black pen,’ the question is always 
whether it’s a pen that has black ink or 
one with a black casing. Now any num- 
ber of companies can have a standard 
way of answering that,” White says. 
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Traditionally 
secretive, law 

firms are using 
extranets to 

give clients access 
todocuments and 
awindowinto 

their operations. 

BY JEAN CONSILVIO 


OSING A CLIENT IS ONE of the costliest mis- 

takes a law firm can make. So a growing num- 

ber of them are using extranets as a collabora- 

tive tool to offer their best clients the best ser- 
vice and keep them in the fold. 

This is a big change in the world of law firms, 
which have tended to be low-tech and secretive. But 
now legal staffs and clients that are dispersed across 
the U.S. and overseas can work together by accessing 
documents on extranet-based knowledge manage- 
ment systems. Such extranets give clients a window 
into billing, transactions, calendaring, depositions 
and pleadings, for example. 

Sutherland Asbill & Brennan LLP, an Atlanta-based 
firm with 350 lawyers, has built about 60 extranets, 
or data rooms, for 10 major corporations. “We just get 
so much enhanced value from the relationship with 
our clients” that Sutherland doesn’t charge them for 
setting up and maintaining the extranet, says Kim 
Perret, director of marketing and communications. 
The firm saves money, too, because it doesn’t have to 
rent space to store boxes of documents or bear the 
expense of sending people to oversee a document 
review or due diligence. There are also savings in 
travel costs, travel time and meals. 

Now, a client traveling in a remote country needs 
only his laptop to view a document. “When he sends 
an e-mail that says, ‘Love that extranet!’ it’s price- 
less,” Perret says. 

Big clients today want to be more involved in their 
cases than ever before. At the same time, cases are 
becoming more complex and require teams of 
lawyers from multiple disciplines, from intellectual 
property to litigation. 


“Firms that are more team-oriented are doing very 
well, and that plays to what clients are looking for,” 
says Michael Rynowecer, president of BTI Consult- 
ing Group Inc. in Boston. 

Extranets are especially helpful when people from 
the business side, such as the employee-benefits team 
or the chief financial officer, are involved in a merger 
or an acquisition. With extranets, there’s no need to 
search through boxes of documents; information can 
be found using Boolean, keyword or text searches. 

San Francisco-based Pillsbury Winthrop LLC set 
up an extranet for the Los Angeles Unified School 
District to share documents and manage specific 
cases. The extranet runs on FirmConnect from Hub- 
bard One in Chicago and is tied into Pillsbury’s 
billing, CRM and docketing systems, as well as its 
document management system. 








The school district pays 29 law firms $28 million 
in outside counsel fees for cases involving discrimi- 
nation, civil rights, eminent domain and construc- 
tion, says Harold Kwalwasser, former general coun- 
sel for the school district. It’s a complex operation 
because of the amount of people, documents and 
correspondence involved. The value of extranets, he 
says, is that the district doesn’t have to replicate the 
archived files; they can be copied onto CD-ROMs. 

“We have one source to go to get literally thou- 
sands and thousands of documents,” says Kwalwass- 
er. “It’s a very efficient system.” 


Who Owns It? 


The only problem with this “virtual world,” Kwal- 
wasser says, is the question of who keeps the hard- 
ware and software that stores the archives and runs 
the extranets. Law firms own the systems, “but these 
are documents I've already paid for,” he says. “So if I 
say, ‘Give me a copy,’ I'll get a copy.” 

But what happens when the client wants to take 
charge and run the extranet? Kwalwasser, whose con- 
tract with the school district ended in June, says he 
had been looking into building a reverse extranet 
next year for the district’s outside counsel to access 
“We have collected this electronic [documents] file,” 
he says, “and we wanted to cut our costs by not hav- 
ing people do research that we just paid some other 
firm to do.” 

Another way to approach the issue is to have the 
extranet and document repository hosted at a neu- 
tral site. “If we’re working with a client on a case that 
has multiple parties, we outsource the extranets to a 
hosted facility,” says Terry Crum, chief knowledge 
officer at Jones, Day, Reavis & Pogue, a Cleveland- 
based law firm that has more than 1,600 attorneys 
worldwide. For the time being, “we’ve decided to 
host those rather than put them on our internal net- 
work and invite people inside,” he says. “It’s simply a 
security issue.” 

Despite the benefits, legal extranets aren’t wide- 
spread or automatically successful. According to a 
recent report from BTI Consulting, only 14% of 215 
large corporations surveyed are using extranets pro- 
vided by outside counsel. Those clients see extranets 
as a way to improve their own performance and for 
law firms to share the information they hold. But the 
report says that if the systems aren’t robust or fail to 
meet clients’ needs, clients won’t see them as a col- 
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NSTAR, the largest investor-owned 
utility in Massachusetts, hopes two IT 
projects will help it achieve a very 
aggressive goal: to boost its customer- 
service rankings into the top 25% of 
Eastern U.S. power providers over the 
next five years, says CIO Eugene 
Zimon. 

That’s pretty heady stuff, consider- 
ing that Boston-based NStar was 
ranked last among 15 Eastern utilities 
in residential customer satisfaction 
this year, according to the J.D. Power 
and Associates 2003 Electric Utility Residential Cus- 
tomer Satisfaction Index Study. The study rates pow- 
er quality and reliability, company image, price and 
value, billing and payment, and customer service. 

NStar has made improvements in some of these 
areas. Last year, customer outage hours were slashed 
by 35%, and the length of outages was reduced by 
27%, according to the company’s 2002 annual report. 
And by year’s end, NStar’s 200-plus call center repre- 
sentatives were answering nearly 90% of all cus- 
tomer calls in 30 seconds or less — a 25% improve- 
ment over 2001. 

The utility company implemented a fuel-cost ad- 
justment on Sept. 1 that should lower the average 
electric bill for Boston-area residential customers by 
about $4.50 per month. In addition, NStar was the 
only utility in Massachusetts to achieve the service- 
quality goals set by the Massachusetts Department of 
Telecommunications and Energy, thereby avoiding 
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any financial penalties. 
NStar customers have noticed the 
positive changes. While NStar hasn’t 


of 60 to 130) compared with the 2002 
survey. 

Now the company is pushing hard 
on two IT projects aimed at further 
enhancing customer service: the in- 
stallation of anew CRM system (see 
sidebar) and an upgrade of its outage 
management system. 

The latter effort involves an upgrade of software 


| from M3i Systems Inc. in Longueuil, Quebec. NStar 


executives expect the system to help the company 


improve its analysis of and response to outages. 


NStar began rolling out the upgraded M3i system 
in April. In June, the company extended it with im- 
proved messaging capabilities at call centers to give 
customers more detailed information about the ex- 
pected length of outages. Now NStar is focusing on 
the third phase of the upgrade, which adds a graphi- 
cal front end that plots customer outage calls on a 


graphical representation of the company’s electricity 


distribution network. It will also identify the utility 
equipment that’s the most likely cause of an outage. 
Using algorithms that are built into the software, 


NStar engineers will be able to analyze more quickly 


the causes of and relationships between power out- 
ages, as well as calculate how long a particular out- 


age is expected to last and identify which customers 


are affected. Previously, dispatchers had to review 
a list of outages on a tabular or spreadsheet-type 
screen. 

The previous version of the M3i system relied on 
rules-based systems to help engineers analyze the 
potential causes of outages and determine how 
quickly they could be repaired. “But that model 
breaks down in a high-volume situation — like dur- 
ing a major snowstorm — since work on switches 
and transmitters constantly changes,” Zimon says. 


Once NStar finishes testing the electronic plotting 
capabilities this fall and puts the system into produc- 
tion early next year, engineers will be able to draw a 


polygon around, say, 10 outages “and evaluate how 


they might be related to each other,” says Peter Dion, 


manager of systems support at NStar. 





This electric utility hopes IT will improve its 
response to blackouts and boost customer service 
from rock-bottom levels. 





yet improved in its relative ranking, it 
did increase its score in the 2003 study 
by J.D. Power by five points (on a scale 
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NStar is in the final stages of installing an Oracle CRM sys- 
tem to improve customer service, regardless of what chan- 
nel a customer uses to contact the power company. The 
browser-based system uses computer/telephony integration 
(CTI) technology to allow NStar's 200-plus call center repre- 
sentatives to respond to customers who call in, use e-mail, 
fax or visit the company’s Web site. 

The Oracle software, which will serve as a front end to 
multiple back-end systems, is being phased in through year's 
end and will run on two Unix-based Sun Fire servers from 
Sun Microsystems Inc. It will provide NStar with capabilities 
not currently offered through its mainframe-based customer 
information system (CIS), including the ability to view cus- 
tomers on a total account basis rather than by meter or ad- 
dress, says CIO Eugene Zimon. 

The CRM system was customized by Cap Gemini Ernst & 
Young. The Oracle software is being installed by Bangalore, 
India-based Wipro Ltd., which is doing the customization 
work in India and the implementation in Westwood, Mass. 

The CTI technology is expected to help NStar reduce the 
average time it takes to handle a call by 15 to 30 seconds per 
call, says Penni Conner, vice president of customer care at 
the company. In addition, training call center agents to use 
the new system is expected to take just 18 hours, compared 
with three or four weeks on the CIS system. 

- Thomas Hoffman 


Also next year, customers will be able to use an 
interactive voice-response system to find out the 
cause, status and estimated time of restoration for 
an outage, Zimon says. 

Zimon and Dion declined to say how much money 
NStar has invested in the outage management system 
upgrade. But it’s expected to deliver several key ben- 
efits, such as allowing for a better assessment of the 
cause of an outage, which in turn enables faster and 
more accurate dispatching of repair crews. Plus, the 
system is expected to free up the dozen or so dis- 
patchers who work during a typical day shift so they 
can spend more time analyzing the causes of outages 
and determine how best to correct them. 

During storm conditions, when multiple outages 
occur more frequently, Dion said he expects that the 
new system may help NStar respond to power inter- 
ruptions up to 20% faster. 

There are several techniques that electric compa- 
nies use to pinpoint the sources of failures. Some 
companies have integrated geographic information 
systems with customer reports of outages and linked 
that information with their network diagrams, says 
Jill Feblowitz, an analyst at AMR Research Inc. 

Rick Nicholson, an energy industry analyst at Meta 
Group Inc., says NStar “is doing some very smart 
things to address the outage issue, but they are proba- 
bly not unique” in plotting outage calls electronically. 

Nevertheless, NStar executives are excited about 
the potential effect the system will have on improv- 
ing customer service. 

“We're setting a standard here,” says Zimon. “This 
is designed to work in both a high-volume [outage] 
and sunny-day situation.” @ 41478 








www.computerworld.com 


MANAGEMENT 


__ COMPUTERWORLD October 6, 2003 45 





New CIO at the Trading Desk 


Barclays Capital PLC, the 
6-year-old investment banking 
division of London-based Bar- 
clays Bank PLC, competes with 
some very large and experi- 
enced old-time financiers for a 
chunk of the trillions of dollars 
in the worldwide market for 
fixed-income investments, such 
as government bonds. NANCY 
GLOOR joined Barclays Capital 
as CIO for the Americas last 
month to lead the development 
of electronic trading systems for 
that effort. She comes with 17 
years’ experience at Goldman 
Sachs Group Inc., where she 
most recently was managing 
director for fixed-income, com- 
modities, currency and finance 
technology for all of Europe. 
Gloor recently talked with 


If you are a growing enterprise, your need for new software always exceeds your budget. Or does it¢ 


solutions to fit any size business and any budget. Selutions that can be up and running quickly 





Computerworld’s Jean Consil- 
vio about the investment bank- 
ing business and her new role 
at Barclays. 


Why did you join Barclays? 
We're a relatively new organization 
and have very aggressive goals to 
be [at the] top of all of the markets 
we're in. For example, in our elec- 


with TradeWeb [a multidealer plat- 
form] in March, and we're 

already leading the [industry 
rankings]. 


What do you hope to 
accomplish in the com- 
ing year? | follow the goals 
of the organization, which 
are to further globalize the 
firm. We need te move the 


| robust technology platforms that 


we've been rolling out in Europe and 


| the U.S. into the next phase in the 
| U.S., add more products and turn our 
| attention to Asia. The other thing 

| we're focusing on is flawless execu- 
| tion, which is very important. We're a | 


relatively small organization, so for 


| us to be competitive, we have to do 
| what we do very well. 

tronic trading market, we just started | 
| What changes do you see for the 


platforms? In the U.S. 

last year, Barclays Capital 
opened its new North Amer- 
ican headquarters in mid- 
town Manhattan. The new 
trading floor standardized 
the infrastructure technol- 
ogy. We are now following 
that with standardized soft- 
ware in all regions, which 





will make it much easier for us to de- 
ploy new applications and put new 
product lines on those applications 


| What challenges have you come 
| up against working in fixed- 


income management? One of the 
challenges is that in the very com- 


| moditized, cash-type product, like in 


the government [bonds] area, mar- 
gins have shrunk over the last few 


| years. To be profitable, you have to 


really be smart about how much it 


| costs to trade, how quickly we can 


price things, how much it costs to 
process everything through the back 


| office. Those are things we need to 


be able to automate wisely because 
the cost of doing business has to 


| come down for them to be profitable. 


| What advice would you give 
| anyone in IT who wants to spe- 
| cialize in an industry, as you 


have during your career? Tech- 


| nology plays such a key and integral 


part in our business that you have to 
have a lot of context. You have to 
have deep knowledge of the busi- 
ness, and that’s where you bring the 


| value. It’s not just your technical skill 


that’s important, but it's your knowl- 


| edge about a particular trading desk, 


product line or process, like risk or 
pricing. We have [IT] people sitting 
on the desks with the traders and the 
salespeople who understand inti- 
mately what they do every day, and 
they're the ones developing the soft- 
ware for them 


So business and technology 
work as one? When | was inter- 
viewing here, somebody said, “I 
don't really see the difference be- 
tween technology and business.” | 
don't either. They're one in the same 
| don’t know how you trade bonds 
without technology. You couldn't. It's 
not possible. The challenge for tech- 
nologists is to be equally competent 
on both sides. @ 41726 
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Banks’ IT Spending 
To Hit $60B in ’07 


IT spending in the banking indus- 
try will reach $60 billion in 2007 
as banks continue their efforts to 
cut costs and increase revenue, 
according to an IDC survey of 27 
U.S. banks. 

Respondents said they will 
devote most of their IT spending 
to delivery channels and back- 
office technology, while their 
investments in systems that 
support retail and wholesale 
product lines will increase at 
a slower pace during the next 
four years. Framingham, Mass.- 
based IDC said respondents’ 
priorities included meeting regu- 
latory requirements, CRM, risk 


management and attracting new | 


customers. 


Nordson Names 
Peet New CIO 


Nordson Corp. last week appoint- | 


ed Shelly M. Peet as CIO at the 
Westlake, Ohio-based company. 


She joins Nordson following a 13- | 
year career at TRW Inc. in Cleve- 


land, where she most recently 
was director of information ser- 
vices. Peet holds degrees in sys- 
tems engineering from Case 
Western Reserve University and 
a degree in physics from Witten- 
berg University. Nordson makes 
precision dispensing equipment 
and has 3,500 employees in 30 
countries. 


Entergy, Keane 
Sign $12.3M Deal 


Keane Inc., an IT consulting firm 
in Boston, has signed a $12.3 mil- 
lion, five-year outsourcing con- 
tract with Entergy Solutions Ltd., 
a subsidiary of Entergy Corp., an 
$8 billion New Orleans-based en- 
ergy services company. Keane 
will support Entergy Solutions’ 
application development and 
management using on-site and 


offshore IT teams. The core appli- | 


cations handle retail business 
functions, including forecasting, 
pricing and deal management, 
risk scheduling and settlements. 
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Stop ‘Gathering’ 
equirements 


VER THE YEARS, I’ve come to the conclu- 
sion that one of the most destructive no- 
tions circulating inside technical groups 
involves “gathering requirements.” 

For decades, virtually everyone in the 
industry has accepted that the first phase of every IT 
project should be to gather requirements from busi- 
ness users. At least in theory, it should be the point of 


departure for all our ef- 
forts. (Of course, it’s also 
the phase of the project 
that’s most often skipped.) 
So now that our success 
rate for IT projects has 
risen to the still-dismal 
level of about 25%, perhaps 
we should question some of 
this time-honored wisdom. 

As I travel the country 
for consulting and speak- 
ing engagements, I often 
ask, “What are the main 
causes of project failure?” 

And invariably one of the 
first answers is something 
like, “There’s a failure to 
gather good requirements.” 

And when I ask why projects get bad 
requirements, the answers are, “Users 
won't tell us what they want,” or “We 
don’t ask good questions,” or “What 
they told us they wanted turned out 
not to be what they really wanted.” But 


I think that the problem is more subtle | 


than any of those answers. 

The problem with gathering re- 
quirements is right there in the word 
gathering. What images does it con- 
jure? For me, it’s an image of a harvest, 
of a group of people standing among 
endless rows of vines picking ripened 
grapes and carefully placing the 
bunches in a bin. For others, it might 
be an image of a child collecting sea- 
shells on the beach or of a group of 





people huddled together 
at a town meeting. What’s 
common in all these im- 
ages of gathering is that 
there’s something out 
there to be collected, like 
crops, shells or people, and 
that those things are al- 
ready whole and complete. 
So if we’re gathering 
requirements, we assume 
that they must be out 
there, ready to be assem- 
bled like a roll of coins. 
Our problem is finding 
and selecting the right 
ones. So if the users don’t 
tell us what they really 
want, we should grab them by the 
ankles, hold them upside down and 
shake them until those pesky require- 
ments fall out on the floor. The only 
logical conclusion is that if we don’t 
get good requirements, we haven’t 
shaken enough. 

Of course, this is ridiculous. Re- 
quirements don’t exist out in the ether 
just waiting to be discovered. They 
aren’t out there whole and finished. 
Clients and users aren’t playing an 
expensive game of hide-and-seek with 
us. Usually, the clients’ pockets are 
empty. Most of the time, they don’t 
exactly know what they require. And 
even if they do, it’s in the form of in- 
complete and inconsistent ideas that 
can be only partially articulated. Proj- 





ects rarely start out with clear objec- 
tives or requirements; they begin in 
confusion and ambiguity. 

The other problem with gathering 
requirements is that it suggests sub- 


| servience or disinterested passivity on 


the part of the IT group. It gives the 
impression that the job of a technical 
team is to take orders like a waiter 
who couldn’t care less what you eat 
and then deliver the cooked meal. 
Technical teams with this attitude 
rarely deliver high-quality service. 

So what’s the alternative? Obviously, 
projects need solid requirements on 
which to build technology. 

We should think of a set of require- 
ments as being like a multilateral 
treaty among a group of nations. 
Representatives of nations negotiate 
treaties by seeking out points of 
agreement, acknowledging con- 
straints, compromising and trading 
off. The forging of a treaty is an active 
and difficult process of creation. No 
one would suggest that you “gather 
paragraphs” to write a treaty. 

So we must negotiate requirements 
among the many stakeholders whose 
positions and interests need to be ac- 
knowledged. There are the business 
interests of executives who fund proj- 
ects, of course. There are the utility 
needs of the users who will work with 
the systems every day. There are also 
the technical needs of those who 
build, deploy and support those sys- 
tems. The list can go on and on. 

Successful projects begin not with a 
harvest, but with a difficult set of dis- 
cussions on what should be done. If 
you stop trying to gather requirements 
and start negotiating them, your proj- 
ects will yield richer crops. @ 41565 
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IT Careers: The Next Generation Data Center 


here was a time when data warehousing and data centers 
Tan primarily a hardware issue or deep research 
embedded within data management. Not so with the Next 
Generation Data Center, where data mining and statistics come 
out of the research cave into full blown operational imperatives. 
You've seen the results — a list of books that you just might find 
interesting, based on your past orders. 


With more than one million people working in the data 
management field, the new role for data mining and business 
intelligence indicates a major shift of web development, software, 
data mining (statistics) and text mining into the job category. This 
segment of the information technology industry is moving up in 
the food chain; the analytics category is considered one of the top 
value plays with over half of all implementations achieving full 
payback within two years or less. And, expenditures are expected 
to grow by better than 33% over the next four years. 


Among the kingpins of mining and putting to work data to 
achieve bottom line results is Amazon.com. Ken Collins, director of 
data warehouse for Amazon.com, says the most critical issues are 
data quality, scaling and “deployment of mining insight 
throughout our infrastructure. | would expect that companies that 
can make deployment of sophisticated mining models and 
algorithms across a n-tier open systems stack would do very well.” 


Wayne Thompson, product manager for data mining 
technology at SAS Institute in Cary, N.C., says that in the past 24 
months, data management has shifted from a tool kit product to a 
solution of best practices resulting in new business capabilities 
“such as credit scoring, bioinformatics, marketing automation and 
money or fraud identification. It's now a solution within a larger 
enterprise,” says Thompson, “which allows more focus and a more 
consumable product.” SAS, long known for its analytical focus, 
holds a 38% share of the data mining market. 


Database Administrator: Install 
and test database and applica- 
tion configuration; establish and 
maintain test and production 
databases; assure database 
security; install all system cus- 
tomization; perform all neces- 
sary database tuning; perform 
regular database audits to check 
data integrity, perform and test 
backup and recovery proce- 
dures, provide application devel- 
opment support to developers. 
Reg. BS or equivalent in CS or 
CIS + nine months experience in 
job offered or as Tech. Support 
Engineer. Must be Oracle and 
Microsoft certified. Must be pro- 
ficient in Advance C/S, Advance 
Web Access, PowerBuilder 
InfoMaker, Crystal Reports 
ASP, and Java Script. 40 hr/wk 
8am-5pm. Contact Herbert J 
Brunswick Georgia Tech 
Foundation Inc., 760 Spring 
Street, NW, Suite 400, Atlanta 
GA 30332-0182 


BSS ENGINEER: Designs 
develops, installs, tests and 
modifies BSS network system 
Conducts overall BSS imple- 
mentation quality assurance 
conirol and tests the BSS net- 
work system according to engi- 
neering data and telecommuni- 
cations principles. Performs 
BSS software upgrade and 
updating and analyzing of oper- 
ating statistics. Directs commis- 
sioning and integration of the 
Global! System for Mobile 
Communications and Base 
Transceiver Station network ele- 
ments to meet project goals 
Provides support and informa- 
tion to TAC1 and TAC2 
Interface to diagnostic center 
TAC3. Executes database han- 
dling for network changes and 
optimization. Job is in Miami, FL 
40 hrs. weekly. 9-5 pm 
$68 ,000/yr. Bachelor's degree or 
equivalent in Electronics 
Engineering or related field and 
2 years experience in job 
offered. Mail resume to S. Com 
Inc., 801 Brickell Ave., Suite 
#1560, Miami, FL 33131. Attn 
Ben Arkestain 


CoBank, ACB seeks a Software 
Engineer to work in Greenwood 
Village, CO, to engage in full life- 
modify applications on IBM cycle software development of 


mainframe. Req. BS Math/ web-based banking applica- 
Comp. Science/Rel. Field & tions. Requires a Bachelor's or 
a foreign equivalent in computer 
2 yrs exp in job/2 yrs exp as science, MIS, electronic engi- 
Sr. Analyst/Programmer neering or related field; 2 years 
Spec. Req. Expertise in 


Computer Systems Admin- 
istrator. Analyze/maintain/ 


In the past, data mining resulted in quantitative points — age, 
gender, zip code, how many cars you own. The changes Thompson 
sees are quantifiable and predict future behavior. Another 
advancement is the use of statistics with text. “Whether in 
business or research, much of the information we receive is in the 
form of text. At SAS we've come up with a way to combine textual 
with typical numeric data to come up with better predictive 
models,” Thompson says. 


The industry is also seeing data management move from 
research into a coliaborative work environment. Working with 
business leaders and the IT professionals who deploy data systems 
within larger enterprise or customer relationship management 
systems, data management professionals are developing models 
based on business trends. 


As these shifts occur, the shift in skills required is equally 
broad. The collaborative environment requires written and verbal 
communication abilities, as well as business understanding. The 
requirement for solid statistical skills (as evidenced by master’s or 
doctorate degrees in mathematics, statistics, computer science or 
even data mining) remains. Standard languages — PMML 
(predictive modeling markup language), which is an XML 
representation — is the base, but experience in C, C++ and JAVA 
also are important. “We also need people who can sit with a 
business manager, understand the business processes and develop 
models,” Thompson says. 


As with other IT job categories, the opportunities exist in IT 
companies such as SAS. They also are increasingly available in non- 
IT firms who are customizing and fully exploiting the data mining 
tools to analyze and predict. Thompson also recommends direct 
exposure to data management/mining tool kits, such as SAS 
Enterprise Miner or Text Miner, and attending conferences such as 
M2003, to be held Oct. 13-14 in Las Vegas. “It's an excellent forum 


~ Senior Software Engineer 
Spectrum Health Hospitals, in Grand Design and develop aa appli- 
Rapids, Michigan, seeks a Director - cations for solid modeling soft- 
Clinical Measurement & Evaluation ware systems, including low- 
for directing the coordination, facilita- level geometrical and topologi- 
tion, collection, analysis and report- cal operations and Boolean 
ing of clinical, customer, and human- operations. Design and develop 
istic data for quality improvement advanced surface software fea- 
programs. Duties include directing tures, such as sweep, loft, multi- 
the manipulation of clinical, adminis- sooner guage dee nah pecan ap 


aa nuity. Perform competitive 
trative and finance databases to analysis of other CAD/CAM soft- 


extract data for reporting purposes: ware applications. Conduct 
and directing the evaluation, selec- extensive testing. Provide tech- 
tion, implementation and mainte- nical support and problem reso- 
nance of continuous quality improve- lution during testing and imple- 
ment, database management, statis- mentation. Position requires 
tical, benchmarking, outcome report- Masters degree in Computer 
ing, and related software. Doctor of - nae Engineering or a relat- 
medicine degree required, plus 3 yrs ed field with 2 years experience 
ha a ie jel clad or a 3 in the position offered or two 

in ‘ a eee a years experience as a CAD 
medical information systems manag- Researcher or CAD Scientist 
er, and 3 yrs of experience as a 


Salary $90,461 Hours 
health care professionai providing Monday through Friday, 8am - 
dinical treatment. Send resume to 5pm. Interested applicants 
Kenneth Treece, Human Resources, should submit two (2) copies of 
Spectrum Health Hospitals, 251 resume to: Case #200202689. 
Michigan Street, N.E., Grand Rapids cna ere oe 19 

40 = tanifor tree! st loor, 
PT IS Boston, MA 02114 
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Dir. of IT. Design & develop CRM 
strategy & info. proc. protocols 
thru. Internet & intranet; develop 
& implement mai act. process. 
incl. assembly op., engr., testing 
quality plan, & inspection crite- 
ria, research user interface 
design, character layout & natur- 
al lang. proc.; NT/W2K system 
admin.- db/web server mgt; infra- 
Structure facilities e-mail 
domain, network admin.; network 


Java Programmer/Analyst 
wanted to design and 
develop _internet/intranet- 
based systems. Bachelor's 
degree in engineering and 
2 years experience req- 


uired Send resume to 


that focuses less on statistical skills than on how tools are being 
used to affect business,” he says 


Amazon.com's Collins adds, “If ever there was an opportunity 
for IT to be proactive for business, this is it. Professionals must 
understand data mining and statistics, their customer or company’s 
business and help map the two together. It is also essential that we 
be relentless in the pursuit of data quality and metadata for the 
high business value information we steward. And of course. 
nothing replaces solid data warehouse modeling, design and 
optimization skills.” 


Next Generation Data Center 

Mines text as well as data points 

Combines business modeling with analytics 
Predicts rather than reports 


Next Generation IT Skills 

Advanced analytical skills (statistics) 

Written/verbal communication 

Business models and best practices by industry sector 
Software development 

Enterprise-wide and web-enabled deployment 


For more information about IT Careers advertising, 
please contact: 

Nancy Percival 

Vice President, Recruitment Advertising 

800.762.2977 

500 Old Connecticut Path 

Framingham, MA 01701 
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ASP, XML, DHTML 
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Business 


designing and developing web- 
COBOL, DB2, CICS, CSF, 
Cordaptix & Utility Billing 
Systems. Send Resume 
Louie G. Abad, EV3A, Inc., 
104 Pierpoint Cir., Folsom 
CA 95630(Jobsite) 
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based applications using Oracle 
J2EE, Visual Age, HTML, XML 
and AS/400; working knowledge 
of Websphere and PVCS 
Respond by mail with resume to 
Bob O'Toole, CoBank, ACB 
5500 S. Quebec St., Greenwood 
Village, CO 80111 


security; website (domain) liS 
mgmt; remote surveillance of 
web host. platform; inspect & 
maintain sec. 508 comp! 
Requires: Ph.D ind. Eng. & 1 yr. 
exp. in job or 1 yr as Sys. Engr 
Comp. Salary. Send resume to 
HR, 206 S. Park Ave., Ste #B 
Winter Park, FL 32789. 


Kentucky Farm Bureau 
Mutual Insurance Comp- 
any, P. O. Box 20700 
Louisville, KY 40250-0600, 


Attn: Human Resources 


rization to work in the United o S and Oracle. US Workers 
States. Salary $93,280/year. 40 pene emee 
hoursiwk. Respond with two ing travel. Prevailing wage/ben- 
copies of resume to Case Send resume to HR SSG 
#200203127, Labor Exchange ee ae 
Office, 19 Staniford St. 1st Fl vee 
Boston, MA 02114 
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OBJECTSOFT, a New York 
based information technology 
and business consulting ser 
vices provider offer full cycle 
services since 5 based on 
ecific expertise 
jectSoft has follow 
pen positions in the 


) area 


Computer Systems A\ sts 
Analyze user requirements, pro- 
cedures, and »blems to auto- 
mate or improve existing sys- 
t and review computer sys: 
tem capabilities, workflow, and 
imitations using 

as str 

analysis, data modeling, mathe- 
matical model building and sam 
pling wit rong experience in 
gle and multi dimensiona 
data warehousing applications 
using SAS, Business Objects 
oS Micro Strategy 
Informatica, MSDTS, Oracle 
Clinical, Oracle, C, PL/SQL 
4.5, UNIX, WINDOWS 


Requirements: Master Degree 
or its equivalent in Business 
Math, Management Information 
Systems, Engineering or ted 
field and at least one year of 
experience or Bachelors degree 
r its equivalent in Business. 
Math, Management Information 
Systems, Engineering or related 
field and at least three years of 
experience performing the listed 
duties 
Computer Programmers 
Analyst 
Convert project specifications 
and statements of problems and 
procedures to detailed logical 
ow charts for coding into com 
puter language. Develop and 
write computer programs tc 
store, locate, and retrieve spe- 
cific documents, data, and infor- 
mation using with Strong experi- 
ence in single and multi dimen- 
data warehousing appli 
is using SAS, Business 
Objects Cognos. Micro 
Strategy, Informatica & MSDTS 
Middleware MQ Series, MQSi 
J2EE technologies. Web 
Methods, C++, Visual C++ 
MFC, OLE, SDK, COM, JAVA 
JSP, EJB, ASP, VB, Active-x 
NET, and Developer 2000 
Requirements: Master Degree 
or its equivalent in Business. 
Math, Management Information 
Systems, Engineering or related 
field and at least one year of 
experience or Bachelors degree 
or its equivalent in Business. 
Math, Management Information 
Systems, Engineering or related 
field and at least three years of 
experience performing the listed 
duties 


Interested candidates should 
send resumes to ATTN: Human 
Resources, Objectsoft Group 
Inc., 401 N. Michigan Avenue 
Suite 1200 Chicago, IL 60611 
Email resumes@objectsoft- 
group.com FAX: 253-423-6635 
OBJECTSOFT GROUP EOE 


MNeET2s 


ET2S is a leading International e- 
business, information technology 
and nmunication infrastructure 
consulting firm. We are currently 
seeking for the following positions 


* Sr. Tibco (RV, Hawk, Ingetration 
Manager) Developer 

+ IT Risk Mgmt Security Architect 

* Sun One / Siteminder Architect 

* Business Objects / Cognos 
Developers 

+ NET Architect 


All positions require BS/MS degree 
with a minimum of 2 to 3 years of 
experience in the field. Must pos- 
sess excellent communication 
skills as well 


NET2S, 82 Wall Street, Suite 400. 
New York, NY 10005; Fax: (212) 
279-1960; Phone (212) 279-6565; or 
Email: jobus-ny@n m 
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Boehringer Ingelheim 
Pharmaceuticals. Inc has 
immediate openings in_ its 
Ridgefield, Connecticut facility 
for the position of Senior 
Software Engineer 


Develops and implements sys- 
tems using a variety of technical 
tools, identifies problems or 
opportunities to increase effec 
tiveness and productivity and 
reduces operational costs 
through optimal use of informa- 
tion systems 


Mu: a Master's degree 
or equiv nt in Business 
Administration or a related field 
and three years of work experi- 
er in an IT field. In the alter- 
native, a Bachelor's degree in 
Computer Science, Electrical 
Engineering or a related techni- 
cal field and at least five years of 
relevant business experience in 
marketing and operations would 
also be acceptable. Experience 
to include college coursework 
project or work experience with 
Documentum, WDK, DFC, Web 
PublisherDesktop, Java, EJB 
Servelets, JSP, Web Logic 
Oracle, VB, COM/DCOM, IIS 
XML HTML/DHTML and 
JavaScript and developing 
client/server and web applica- 


tions 


Resume and/or cover letter 
must reflect each requirement 
above and specify reference 
code AD-GCD/GC0503 or it will 
be rejected 


Forward resume to BI Staffing 
Center, PO Box 534, Waltham 
MA 02454. EOE 


QA Engineer I! (Denver, CO) - 
Design, develop, implement 
test & troubleshoot newly devel- 
oped or redesigned products 
systems, or equipment of mod- 
erate scope & complexity 
Perform test design & analysis 
for applications developed via 
various SW programming lan- 
guages & tools including Java 
C/C++, & Oracle. Plan & exe- 
cute test methodologies using 
UNIX, Oracle, PL/SQL, & EDI 
(Electronic Data Interchange) 
applications. Provide technical 
support Design test result 
reports & report defects. BS 
Comp Sci, Eng, or related +18 
months related exp + 
working/theoretical knowledge 
of Java C/C++ Oracle 
Unix/Unix Scripting; PL/SQL, & 
EDI $71,393/yr. M-F. 8-5. 
Resume only to Workforce 
Development Programs, PO 
Box 46547, Denver, CO 80202 
Ref. Job#CO05058187 


Software Engineer: Develop. 
Test & Implement new applica- 
tions using Java, HTML, Java 
Script, VB Script, DHTML 
Oracle, Pl/Sqi, XML, Weblogic 
or Apache Tomcat. Analyze cur- 
rent procedures & systems to 
refine & convert the data to pro- 
grammable form. Study existing 
systems to evaluate effective 
ness & upgrades systems 
presently in use. Monitor imple- 
mented systems for issues & 
update as necessary. Strong 
skills in Objected Oriented 
Analysis and Design; Data 
Modeling with thorough knowl- 
edge of relational database con- 
cepts; Writing database proce- 
dures, triggers and functions 
Must have 2 yrs exp. and B.S. in 
CS/Sci. or 2 yrs. related exp. 
60K/yr; 8A-5P. 40nrs/wk. Submit 
2 resumes to Case#200202671 
Labor Exchange Office, 19 
Staniford St., 1st Fl., Boston, MA 
02114 
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System Software Engineer 
Work as part of software devel- 
opment team to write software 
for automatic ultrasonic imaging 
systems, including motion con- 
trol, instrument setup, data 
acquisition, operator interface. 
image display and processing 
and data analysis. Focus on 
instrument contro! and data 
acquisition software and graphi- 
cal user interface design 
Interface with customers, in- 
house sales staff, hardware 
development engineers and 
manufacturing engineers to 
specify, customize and imple- 
ment software modules. 
Provide accurate estimates of 
required time to complete soft- 
ware tasks Use Microsoft 
SourceSafe for version control 
Provide on-site support for 
installation and testing of system 
software as required. Interface 
with customers as required to 
assist with support and service 
Program in C/C++ and Visual 
C++ under Windows NT/98 
Use object oriented design 
motion controi software and GU! 
knowledge Requirements 
include a Bachelor's degree or 
equivalent in an Engineering 
discipline, Physics or closely 
related technical field and three 
years of work experience in the 
job offered or related field of sys- 
tem and control software engi- 
neering. Applicants must have 
unrestricted authorization to 
work in the United States 
Salary $74,838/year 40 
hours/wk Respond with two 
copies of resume to Case 
#200202405, Labor Exchange 
Office, 19 Staniford St., 1st Fl 
Boston, MA 02114 


Software Engineers: Software 
life cycle development in 
Microsoft Development tools 
suite including C#.Net, Oracle 
RDBMS tools suite, SQi Server. 
DB2, COBOL and related tech 
to develop array of apps. includ- 
ing secure Client Server/Web 
based HR, Communication and 
Government apps. Complete job 
description or to apply contact 
HR, 3761 Venture Dr., Bidg 
100, Suite 240, Duluth, GA 
30096. 


MECHANICAL ENGINEER 


Require BS in mechanical engi- 
neering and 3 yr. exp. in position 
offered. Must have taken cours- 
es in thermodynamics, hydro- 
mechanics, and heat transfer 
theories and research exp. in 
energy field. Resume to Arbin 
Instruments, 762 Peach Creek 


cut Off Rd., College Station, TX 


economy. 


itcareers.com 


SOFTWARE ENGNR: Analyze 
dsgn & dvip web-based appins 
& systems. Specific duties 
include dsgn, dvip & config- 
ure websites & systems per 
client specs using VB, ASP. 
MTS, Visual Source Safe, Java 
Visual Interdev, DCOM, COM+ 
Active X, ADO and IIS; (ii 
Program Lead for cl 

jects; (iii) perform syste: 

sis, coding & testing 
componen 

Center QA 

maintain & ti 
mization & compliance w/system 
reqmnts of health care industry 


analysis & 

identity & 2 

basec 

Bach 

Electric 

positi offered or <2 a Prog 
Software 


Jave v 
ASP, COM, COM+ 
X, ADO, XML, SQL 
SOAP, Seagate Crystal 
Reports, KRONOS 
Interdev & Visual Source Safe 
as well as working w/iBaaN 
CRM components (incl. Baan 
EIA and BOIS as well as iBaan 
CRM); (2) 2 yrs health care 
industry exp ncluding exp 
wi/compliance stndrds (HL7 
CCOW, HIPAA) ability to 
adhere to industry-wide software 
dvipmnt stndrds, incl. SEI-CMM 
SEI-PSP; & (4) hi mobility 
preferred. 40 hrs/wk, 8 am - 5 
pm, $64,240/yr. Qualified appli- 
cants please submit resume to 
McKeesport CareerLink, Attn 
ES Manager, 345 Fifth Avenue 
McKeesport, PA 15132-2600 
Please refer to Job Order No 
WEB 360618 


ObjectWin Ss ooking 
Programmer/System Analyst 
other IT professionals. Applicants 
must have BS 

Skills in ASP.Net 

HTML, VB.Net, XSL 

CMS, SSL & MS certifi 

ferred. Competitive wage. Apply 
at: skarande@objectwin.com 


EOE 


Techgene Solutions has open- 
ings for System Analysts or 
Software En - 


Cobol, JCL, Oracle 

Travel may be req: d for some 
positions. smail but sta- 
ble. Comp e salary. Please 
apply at bapujik@yahoo.com 


EOE 


OmniPros, a worldwide provider 
of software solutions seeks moti- 
vated IT professionals specializ- 
ing in: Java, J2EE, Oracle 
\ Webmethod, Vitria. 
Tibco, Portals, Oracle CRM 
(Technica 11 Oracle Mfg 
(Technical/Functiona’ 11i) 
Oracle Finance (Technic 
Business Deve’ 

nical Operations Management 
Positions are located 
in Chicago 

e-mail resume 
careers@omnipros.com 
resume to 408-944-0719, or 
mail resume to: OmniPros Ltd 
99 W. Tasman Drive, Ste 205 
San Jose, CA 95134 


Systems Administrator sought 
by computer s/w development 
firm in Jacksonville, FL. Must 
have Bach in Comp Sci., Engg 
or equiv and two yr relevant exp 
in designing, developing and 
implementing LAN, WAN, VPN 
and telephone 
Windows/Linux-based DNS 
DHCP. WINS Servers/Domain 
controllers; SQL Server7.0 
2000; and Oracle 8i/9i for OLAP 
& OLTP databases. Respond to 
HR Dept., Intelligenxia, Inc 
4905 Belfort Rd. Ste 110 
Jacksonville, FL 32256. 


networks 


iT|careers 


Senior Software Engineer- 
Platform Services 
Participate in spe 
design, development and sup- 
port of company products includ- 
ing the overall architecture 
component interfaces and com- 
munication schemes, client and 
server-side programs written in 
Java and C++. Develop Oracle 
SQL Server and LDAP databas 
schemas. Assist with p- 
ment of pro plans a 
ules. Follow rigor 
engineering standard: 
2 product 
nal and 
specifications and adhering 
coding standards. Lead efforts 
and resolve any prod- 
mance issues. Me: 
je engineers. Rea 
include a Master's 
equivalent in Com cience. 
an Engineering discipline 
Mathematics or related field and 
three years of work experience 
in the job offered or related field 
of software engineering using 
C++, or a Bachelor's degree or 
equivalent in Computer Science. 
an Engineering discipline or 
related field and five years of 
progressively responsible expe- 
rience in the job offered or relat- 
ed field of software engineering 
using C++ Applicants must 
have unrestricted authorization 
to work in the United States. 
Salary $78,000/year 40 
hours/wk. Respond with two 
of resume to Case 
200203134, Labor Exchange 
Office, 19 Staniford St., 1st F 
Boston, MA 02114 


Software Engineer - Provide 
software engineering consulting 
services to clients for Storage 
Area Network (SAN) systems 
that may include systems manu- 
facture by Compaq, EMC and/or 
Hitachi, or others. Design and 
implement management and 
monitoring SNMP software for 
the SANs and other IP devices 
Configure and test SAN devices 
including, but not limited to 
Brocade Switches, Foundry 
68000 routers Crossroad 
routers, Cisco and Tape 
Libraries. Will use software ian- 
guages including Java, CORBA 
HTML, Java serviets, Visual 
Basic, Pascal, JSP, SML, JMS 
and networking protocols such 
as SNMP, TCP/IP, HTTP. HP 
Overview, etc. Work includes 
SAN/LAN programming for high 
scalability. Masters degree in CS 
and two years of experience or 
Bachelor's degree and five 
years of experience on software 
work including SANS systems 
Experience must nclude 
Design, develop, implement 
test SANs systems; work with 
routers and switches such as 
Cisco routers/switches, Foundry 
68000 switches; work on 
SAN/LAN solutions; Must be 
willing to be assigned to unantic- 
ipated client sites throughout the 
United States. Hours: M-F, 8:00 
a.m. to 5:00 p.m.; 40 hrs/wk 
Salary: $85,384/year. Send 
duplicate resumes to: Job Order 
# 2003-336, P.O. Box 989 
Concord, NH 03302-0989. 


Seeking qualified applicants for 
the following positions n 
Memphis/Collierville, TN: Senior 
Technical Analyst. Research 
evaluate, implement and coordi- 
nate changes to computer sys- 
tems/applications. Requirements 
Bachelor's degree or equivalent in 
computer science, math, engi- 
neering or related field plus 5 
years of experience in systems: 
applications development, includ- 
ing programming. Experience 
with IMS DB/DC, Cobol Ii and 
TSO also required. “Master's 
degree in appropriate field will off- 
set 2 years of general experience 
Submit resumes to Sibi George 
FedEx Corporate Services, 1900 
Summit Tower Bivd., Suite 1400 
Orlando, FL 32810 EOE 
M/F/D/V. 


Regional Sales 


| Manager 


West Coast 


IT Careers has an exciting opportunity for a high- 
ly motivated and seasoned sales professional to 


join our team 


This Regional Manager will be 


responsible for selling integrated recruitment 
advertising packages consisting of Print (within 


our network of publications) 


Online and 


Recruitment Event Show Booths, as well as other 
products as they become established. Emphasis 
will be on generating revenue by developing new 
accounts, but this individual will be responsible 
for growing existing accounts and servicing 
recruitment ad agencies ensuring that IT Careers 
is top of mind. The candidate will be the part of a 
sales team working to set the territory strategy 
therefore collaborative selling skills are critical. In 
addition, this person must have a solid under- 
standing of the IT recruitment market, be an 
effective communicator and negotiator and have 
a proven record in sales. Minimum of 5+ years of 
outside sales experience required, preferabiy in 
recruitment advertising sales. This position will 
be based in the candidate's home office on the 
west coast. Travel is required 


If interested, please email a resume to 
jcjobs@idg.com or fax to (508)935-4600. 
Please include code ITC922 in the subject 


line. 


__s¥icareers—— 
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ciency dapt p 
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and test trading applicatio 


nigrate them 


write and rewrite program Ic 
Use experience in C++ 
Basic, Exce 
administration 

Knowlec 

Nomics. Req 

a Bachelor's 


post-degree work experience ir 
the job offered 

software 

Experie 

C++ 

administration. A\ 

have unrest 

to work in 

Salary ) 
hours/wk with two 
copies of r o Case 
#200203201 r Exchange 
Office, 19 Staniford St., 1st F 
Boston, MA 02114 


Software Engineers & 
Programmers: Analyze, design 
test and implement specialize 
software applications for e-com- 
merce, Web. Client Server tech- 
nologies, Legacy systems and 
distributed apps. in Weblogic 
Corba, Apache, Mainframe. 
ASP, J2EE, Siebel, PB and 
related technologies utilizing 
appropriate RDBMS inciuding 
Oracle and DB2. HR, Instcomp. 
Inc., 906 Lacey Ave., Suite # 
206, Lisle, IL 60536. EOE 
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Systems Analyst. 6.S. in 
Comp. Sci. or equiv. + 3 
yrs. rel. exp. Exp. to 
include C/C++, UML 
Python, XP, JavaScript 
SQL, STL, MacApp, Mac 
OS X (carbon), and .Net 
Send resumes to Robert 
Long MetaCommun- 
ications, Inc., 1210 S$ 
Gilbert St., lowa City 
lowa 52240-4506 





Computer - Consulting Senior IT 
Specialist. Pittsburgh, Penn- 
sylvania and various client sites 
throughout the United States. 
Provide consulting services in 
the areas of performance analy- 
sis, skills and competency man 
agement and learning support 
design to customers of IBM soft 
ware to customers, specifically 
eading edge web a cation 
server products such a 
Sphere. Participate in the 
development and maintenance 
expertise in IBM Software prod- 
s and other IBM e-Busine 
Travel to customer 
ocations and consult with cus- 
Prov mentor and 
al leadership to Web 
ation development and 
t teams. Perform 
sks including overall 
ution architecture, analysis. 
Sig programming, perfor- 
nce tuning, product installa- 
and system integration 
Java and JavaScript on 
indows environment Req 
uires a Bachelor's Degree or for 
eign degree equivalent in 
Computer Science, CIS, MIS 
Engineering (any type) or relat- 
ed field, and two (2) years expe- 
rience in the job offered or (2) 
two years of experience in the 
related occupation of IT 
Specialtist, Sr. Specialist, Dev- 
eloper, Programmer Analyst 
Programmer or Consultant 
$90,000.00 per year. 40 hours 
per week 8:00am-6:00pm. Must 
have proof of legal authority to 
work permanently in the U.S 
Send cover letter and resume to 
Job Order Number WEB360221 
PA Career Link/Job Service, Site 
Directo tsburgh/Allegheny 
County Career Link, ATTN: CL 
Program Supervisor, 425 Sixth 
Avenue, Suite 2200, Pittsburg 
1 19-1837 


Programmer Analyst 
(Micro/Web) 
Multiple Openings 


Structured systems analysis 
design, development, testing. 
quality assurance, implementa- 
tion, integration, maintenance 
and support of integrated client- 
server based systems for busi- 
n financial, banking, manu- 
facturing and other commercial 
business application systems in 
a multi-hardware/multi-software 
environment using centralized or 
distributed relational database 
management systems, 4GLs 
(Fourth Generation Languages) 
and other GUI (Graphical User 
Interface) front-end tools 
Analysis, design and develop 
ment of client-server applica- 
tions using object-oriented 
methodology. Bachelor's Degree 
(or equivalent) in Computer 
Science-Math/Engineering 
Science/Business-Commerce 
and 1 yr. experience in job 
offered or as Software Engineer: 
Systems Analyst are required 
Must have appropriate combina- 
tion of skills as foliows: 1 of A 
and 2 of B; or 2 of Aand 1 of B 
or 3 of A. A includes Oracle 
Sybase, Informix, SQL Server 
Progress, Ingres, Access and 
Proxy Server; and B i des 
PowerBuilder, Visual Basic, MS- 
Windows, Visual C++, JAM 
APT-SQL, SQL*FORMS, ESQL 
C, GUPTA SQL, Progress 4GL 
Informix 4GL, Ingres 4GL, C 
Java, Lotus Notes, HTML, CGI 
NS, ASP, Front Page, Perl and 
Java Development Kit (JDK) 
High mobility preferred 40 
hrs/week, 8 am - 5 pm. $67,995 
- $78,000 per year. Qualified 
applicants should contact or 
send resume to Mon Valley 
Regional! CareerLink, Attn: Actg 
CL Program Supervisor, Donora 
Industrial Park, 570 Galiffa 
Drive, Donora, PA 15033. Refer 
to Job Order # WEB 360639 


Dae Vacto eS 


Engineer 
Pitney Bowes Inc. has an open- 
ing in its Shelton, Connecticut 
office for an Engineer. 
Develop new concepts and pro- 
totypes in the areas of intelligent 
networked devices and informa- 
tion appliances for mail and 
aging and develop novel 
2mbedded system solutions 
Must possess at least a bache- 
lor's degree or its equivalent in 
al Engineering, Comp- 
nce or a related field 
and relevant work experience 
including college coursework. 
project and/or work experience 
with USB software driver devel- 
opment and hardware interfac 
ing; embedded software devel- 
opment experience at the API 
handheld and 
wireless devices such as the 
iPAQ, Dolphin and Symbol scan: 
ners; embedded Java program 
ming experience to author 
¢ independent software 
erfaces for use in enterprise 
level integrated systems;trou- 
bleshooting wireless connectivi- 
ty issues at the hardware and 
API level (including vendor inter- 
facing and verification and vali- 
dation of system built to specifi- 
cation) d hardware level 
debugging of wireless and wired 
components 
Resume and/or cover letter 
t reflect each requirement 
above and specify reference 
code E/MZ or it will be rejected 
Forward resume to Robbin Drew 
Elliott, Pitney Bowes Inc., One 
Elmcroft Road, Stamford, CT 
06926-0700. 


COMPUTER/IT 

Quality Assurance Analyst (Test 
Automation Specialist) (Troy, 
Ml). Req. Bachelor's degree (or 
higher) or equiv. foreign educ. in 
comp. science, bus. admin 

stats., or related eng. field, & 2 
yrs.’ exp. in the job offered or 2 
yrs.’ exp. in execution of SAP 
R/3 quality assurance review & 
testing procedures for Materials 
Mgmt. (MM), Prod. Planning 
(PP), Sales & Distribution (SD) 
Finance (Fl), and Human 
Resources (HR) modules using 
Mercury Interactive tools. All 
stated exp. must include: cre- 
ation & maintenance of automat- 
ed test scripts using QuickTest 
& use of Test Director to manage 
& administer testing process 
Analyze, define, & develop qual- 
ity assurance standards, prac- 
tices, & conventions for comp 
systems. Execute SAP R/3 
quality assurance review & test- 
ing procedures for MM, PP, SD. 
Fl, & HR modules using Mercury 
Interactive tools. 40 hrs./wk 
8:00-5:00. Apply with resume to 
LaWanda White Delphi 
Corporation, 5825 Delphi Drive. 
Troy, Michigan 48098. EOE 
Reference #0613 when apply- 
ing 


Blackbaud, the leading end-to- 
end data management and 
technology solutions provider for 
the nonprofit community, offer- 
ing software, services and e- 
solutions, is seeking a Senior 
Statistician based in  Charle- 
ston, South Carolinato generate 
and supervise development of 
custom response models for 
non-profit organizations, particu- 
lariy around fundraising. The 
candidate will create multi-vari- 
ant regression models that 
determine the likelihood to make 
a certain type of donation and 
the capacity to make a donation 
to particular non-profit organiza- 
tions. Requirements are a 
Master's degree in Economics, 
Statistics or related field as well 
as four years of experience as a 
Statistician or Research Analyst 
using SAS tools for statistical 
and regression modeling. If 
interested please submit 
resume via the Careers Section 
of www.blackbaud.com . Please 
put reference number-O905ELG 
in the cover letter when apply- 
ing. EOE 


SENIOR SOFTWARE ENGI 
NEER to lead a team in the 
design, development and sup- 
port of web-based application 
software and databases using 
J2EE, SQL Server, Oracle 
Java, Serviets, Swing, Applets. 
JSP, EJB, JavaScript, JDBC 
RMI, CORBA JavaBeans 
HTML, XML, ASP.NET, VB.NET, 
VBScript, XSL, XSLT, ASP, VB 
ADO.NET, ADO, DAO, RDO 
Visual Studio, COM and Visual 
Source Safe under Windows 
operating systems. Require 
M.S degree in Computer 
Science/Engineering, or a close: 
ly related field with 2 yrs of exp 
in the job offered or as a 
Programmer/Analyst. Extensive 
travel on assignments to various 
client sites within the U.S. is 
required. Competitive salary 
offered. Apply by resume to 
Srinivasa R. Manne, Methodex 
Consulting Services, Inc., 1517 
W. Irving Blvd., Irving, TX 
75061; Attn: Job VP. 


COMSYS is an established IT 
consulting firm that serves lead- 
ing corporations including 174 of 
the Fortune 500. With COM- 
SYS, you get: Extensive 
Benefits, Additional Comp- 
ensation for referrals, and 
Professional Challenges with 
training and assignments to 
keep you at the forefront of tech- 
nology. With 30 offices, we need 
the services of experienced con- 
sultants across the US. 


* Computer Programmers 
+ Programmer Analysts 

* Systems Analyst 

* Software Engineers 

+ User Support Specialists 
+ DBA's 

* Business Analysts 

* Project Leaders 


Submit resume to 
COMSYS 
3030 LBJ Freeway 

Suite 905 
Dallas, TX 75234 
www.comsys.com 
Fax: 972-960-0914 

EOE/M/F/DV 


Millennium Software, Inc. has 
immediate opportunities: Comp: 
uter Programmers, Progra- 
mmer/Analysts, Systems Analy- 
sts, Software Engineers 
Consultants, DBAs, Architects 
and Project Managers with 4 or 
more skills in following environ- 
ments: Java, EJB, Shell Scripts 
SAS, PLC, Textra, XML, SQL 
mqPCxX, PowerBuilder, Rational 
Rose, Relational Databases 
Perl, SAP, Primavera Team Play 
P3e, Teradata, MQ-Series 
IMS, Adabase, Natural, Web- 
sphere, Oracle Workflow, Filenet 
eprocess, Floware Workflow 
engine, C/C++, HTML, Visual- 
Basic, COBOL, DCEDFS 
AutoCAD, Six-Sigma. B. S. or 
M.S. reqd. + 1 yr. exp. depend- 
ing on position. Frequent travel 
and relocation. Send confiden- 
tial résumé and salary require- 
ments to: 2000 Town Center, Ste 
300, Southfield, M! 48075 Visit 
our website at www.webmsi.com 


Immediate opportunities for both 
entry-level and experienced 
Programmers Programmer 
Analysts, Systems Analysts. 
Software Engineers, DBA's and 
Software Consultants with three 
or more of the following skills 
Java, Shell Scripts, SAS, PLC 
Textra, XML, SQL, DB2 
mqPCx, Oracle, PowerBuilder 
Rational Rose, Sybase, Perl 
PeopleSoft, Crystal Enterprise 
Crystal Reports, Teradata & MS 
Visual Studio. B.S. or M.S 
degree or foreign equiv. in rele- 
vant field req'd + 1 yr. exp 
depending on position. Frequent 
travel and relocation. Send con- 
fidential résumé and salary 
requirements to: HR, Saras 
America, Inc 32605 W. 12 Mile 
Rd, Ste 180 Farmington Hills, MI 
48334 Visit our website at 
www.sarasamerica.com 


Computerworld 
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Software engineer to design 
develop and test computer pro- 
grams for business applications 
analyze software requirements 
to determine feasibility of 
design; direct software system 
testing procedures using exper- 
tise in WebSphere, WebLogic. 
iPlanet, Oracle, Dreamweaver 
and JBuilder. Requirements 
Bachelor's Degree or equivalent 
in Computer Science or related 
field and two years experience 
as a software engineer or com- 
puter programmer, knowledge of 
WebSphere, WebLogic, iPlanet 
Oracle Dreamweaver and 
JBuilder. Salary: $66,000/year. 
Working Conditions: 8:00 A.M 
to 5:00 P.M., 40 hours/week 
involves extensive travel and 
frequent relocation Apply 
BECS/CareerLink Program 
Supervisor, Indiana County 
CareerLink, 300 Indian Springs 
Road, Indiana, PA 15701, Job 
No. WEB362143 


Software engineer to design 
develop and test computer pro- 
grams for business applications 
analyze software requirements 
to determine feasibility of 
design; direct software system 
testing procedures using exper- 
tise in PowerBuilder, PL/SQL 
StarTeam, PowerDesigner and 
Rational Rose. Requirements: 
Bachelor's Degree or equivalent 
in Computer Science or related 
field and two years experience 
as a software engineer or com- 
puter programmer, knowledge of 
PowerBuilder, PL/SQL, Star- 
Team, PowerDesigner and 
Rational Rose. Salary: $70,000/ 
year. Working Conditions: 8:00 
A.M. to 5:00 P.M., 40 hours: 
week, involves extensive travel 
and frequent relocation. Apply 
Site Manager, Armstrong County 
CareerLink, 1270 North Water 
Street, PO Box 759, Kittanning 
PA 16201-0759, Job No 
WEB362147 


SOFTWARE ENGINEER to 
design, develop, maintain and 
implement applications to 
process online transactions 
using Java, JSP (STRUTS 
Framework), JOBC, EJB, JMS 
JavaScript, Oracle XML 
Rational Rose, Clear Case and 
WebSphere under Windows NT 
operating system. Require 
Master's degree in Computer 
Science/Engineering, or a close- 
ly related field with 2 yrs of exp in 
the job offered or as a 
Programmer/Analyst. Compe- 
titive salary offered. Apply by 
resume to: Dave Bloomquist 
Global Software Development 
Services, Inc.,10 South 5th St., 
Ste. 700, Minneapolis, MN 
55402; Attn: Job RM 


Client/Server Analyst 
Louisville, KY: Designs 
implements and supports two- 
tier and three-tier client/server 
infrastructure in a multi-server 
WAN/LAN environment with 
NT and Netware server sup- 
port at the O/S level 
Requires a Bachelor's degree 
and at least one year of expe- 
rience in the above. Reply 
with resume to: IT Job, P.O 
Box 6351, Louisville, KY 
40206-0351 


Multiple positions available for 
computer professionals includ- 
ing Software Engineers 
Programmer Analysts, Systems 
Analysts, Computer Progr- 
ammers, Network Analysts 
Systems Administrators, Soft- 
ware Developers. Website 
Developers, DBAs, etc. Loca- 
tions vary.Openings now 
wileader in the field including 
TEKsystems, Onsite and Allegis 
Group. Req's: Bach., MS or 
equiv. in relevant field, may 
require exp. Travel and/or relo- 
cation possible E.0.E 
Competitive salary & benefits 
Send resumes to: J. Brigham, 
Allegis Group, HR; 7301 
Parkway Drive, Hanover, MD 
21076, ID Job No. FL1003. 
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PROGRAMMERIANALYST to 
analyze, design , develop and 
maintain application software in 
a client/server environment 
using Power Builder, Visual 
Basic Erwin, Install Shield 
Crystal Reports, Oracle and 
Pro*C under Windows NT/2000 
and Linux operating systems 
Require: B.S. degree (or equiva- 
lent) in Computer Science 
Programming, or a closely relat- 
ed field with 2 yrs of exp in the 
job offered; Each 3 yrs of pro- 
gressively responsible work exp 
in the field will be considered 
equivalent to 1 yr of college edu- 
cation. Extensive travel on 
assignments to various client 
sites within the U.S. is required 
Competitive salary offered 
Apply by resume to: Shri 
Gangal, Syspro Technologies. 
Inc. 13010 Morris Road, 6th 
Floor, Alpharetta, GA 30004 
Attn: Job VT. 


Programmer/Analyst to design 
develop, implement, maintain 
and support application software 
in a client/server environment 
using Visual C++, Windows 
SDK, MFC, ATL, Visual Basic 
COM/DCOM, ASP, XML, HTML 
and MTS on Windows 
Platforms. Require: BS Degree 
in Science/Engineering or a 
closely related field with 2 years 
of progressively responsible 
experience in the Job offered or 
in the related occupation of 
Software Engineer. Extensive 
travel on assignments to various 
client sites within the US is 
required. Competitive salary 
offered. Apply by resume to 

Ravi Kandimalla Everest 
Computers, Inc 900 Old 
Roswell Lakes Parkway, Suite 
300, Roswell, GA 30076; Attn 
JobBS 


Software Analyst I! 

Duties: Perform modeling, evalu- 
ation, testing & design/analysis of 
s/w. Min Req: Masters/Info Tech 
w/ concent. in Mgt Info Tech; 3 yrs 
exp. in s/w design/analysis using 
Dynamic C, C++, Visual Basic 
including at least 3 yrs exp in 
embedded s/w design & imple- 
ment. Dernonstrated proficiency 
in GPS receiver tech, cell. comm 
tech, implement. of NMEA proto- 
col & integration of TDMA and 
Microburst based cell. comm 
modules. 40 hrs/wk. salary dep 
on quals Must have proof of 
legal authority to work in U.S. 
Submit resume by mail only to 
GTS, 5385 Mark Dabling Bivd 
Ste 101, Colo. Springs, CO 
80918 


Indo-American Connection LLC 
has openings for Business 
Analysts with at least two years 
of experience and Programmer 
Analysts and Software 
Engineers with at least two 
years of experience in the fol- 
lowing: Java, JavaScript, HTML 
C++, Oracle Database, Visual 
Basic, PowerBuilder, IS, SQL 
Server, MS Access, HP Unix 
and Win. NT. Some positions 
require a Bachelors Degree 
others Masters Degree 
Equivalent degree and experi- 
ence is also accepted. Exc. Pay 
& Bnfts. Mail resume to: HR 
Dept., Indo-American Conn- 
ection LLC, 27 Timber Road. 
Edison, NJ 08820. 


Merrick Systems, Inc. provides 
software and consulting services 
for the energy industry leverag- 
ing e-business and m-business 
technology. Senior System 
Analyst: Analyze, architect, 
develop, integrate and Test 
Multi-Tier Enterprise Application 
using VB.NET, XML Web 
Services, PB, C++ 
Rational Rose, J2EE, Jaguar 
CTS and EAI technologies using 
database in Oracle, Sybase and 
SQL Server. Need Bachelor's 
degree in Computer Sciences or 
Engineering or related and 2+ 
years of industry experience 
Mail to: 4801 Woodway #100E, 
Houston, TX 77056 or E-mail 
resumes@merricksys.com 


Programmer Analyst 


Multiple positions available to 
analyze user requirements, pro- 
cedures, and problems to auto- 
mate processing and to improve 
existing computer systems 
Position requires B.S. in Comp 
Sci or related field, (6) months 
work exp. in position offered or 
in computer industry, & experi- 
ence with 1 of the following: (1) 
Database Administration; (2) 
Orbs or TP monitors in a multi- 
threaded UNIX or NT environ- 
ment; or (3) Java or EJB 
Requires extensive travel & relo- 
cation. $67,995/yr. EOE. Res- 
ponses to: Site Director 
Pittsburgh/Allegheny County 
CareerLink, ATTN: CL Program 
Supervisor, 425 Sixth Avenue 
Suite 2200, Pittsburgh, PA 
15219-1837. Reference Job 
Order # WEB 359824 


Multiple positions available for 
computer professionals includ- 
ing Soft. Eng.'s, P/A's, Systems 
Analysts, Network Analysts, 
Systems Admin.'s, SW Deve- 
lopers, Website Developers, 
DBA'S, etc. Locations vary. 
Openings now wileader in the 
field including TEKsystems, 
Onsite, and Allegis Group. Req's 
degree (Bach. MS, or equiv.) in 
relevant field. Travel/frequent 
relocation possible. £.0.E 
Competitive salary & benefits 
Resume to: J. Brigham, Allegis 
Group, HR; 7301 Parkway 
Drive, Hanover, MD 21076. ID 
Job No. 10-01-2003 
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Continued from page 1 


IBM Hosting 


bel Systems Inc. in San Mateo, 


Calif., to offer CRM services 
in this manner (see story at 
right). 

An IBM data center in Boul- 
der, Colo., houses the systems, 
which users can access re- 
motely on a pay-as-you-go ba- 
sis. The service will gradually 
be expanded to other IBM fa- 
cilities around the world, and 
U.S. companies could 
eventually have their 
day-to-day business 
applications residing 
on servers located in 
places such as India. 

Mike Riegel, man- 
ager of IBM’s e-busi- 
ness hosting services, 
said that outside of 
regulated industries 
such as health care 
and financial ser- 
vices, the use of offshore data 
centers can work. 

“There is a lot of fear, un- 
certainty and doubt about 
cross-border delivery,” said 
Riegel. “But when you really 
dig into the regulatory envi- 
ronment, there aren’t many 
impediments to it.” 

Rneimetione sonnei 


Early adopters of offshore out- 
sourcing of IT systems, as op- 
posed to application develop- 





ba 
aa 
MERCURIO: “It’s 
important that 
eam ul} 
service fresh.” 


ment, are focusing on remote 
monitoring, database administra- 
tion and other systems adminis- 
tration functions. 

But analysts and offshore ser- 


vice providers say they aren't see- 


ing firms relocating data center 
hardware offshore. Companies 
maintain that although such a 
move probably isn’t worth the mi- 
gration expense, they may use 
hardware located offshore 
through an outsourcing vendor. 

“Moving the machine is really 
unnecessary,” said Suresh Gupta, 
a consultant at Capco, an 


run data centers all over the 
world. But the idea of turning 
part or all of a company’s data 
center operations over to an 


| offshore provider is in its in- 


fancy, according to offshore 
service providers and analysts. 

Some companies are begin- 
ning to use offshore service 
providers to remotely manage 
and monitor their data centers 
in low-cost countries while 
keeping the hardware and data 
in North America and Europe. 
But most offshore users are 
like Lancaster, Pa.- 
based Armstrong 
World Industries Inc., 
which focuses its off- 
shore operations on 
application develop- 
ment. 

Armstrong, which 
has 59 plants in 14 
countries, turned to 
an offshore developer 
to help it cut costs 
and get out of bank- 
ruptcy brought on by as- 


bestos-related lawsuits. 


Edison, N.J.-based Intelli- 


group Inc., which has an off- 
shore development center in 


Hyderabad, India, is responsi- 


ble for development and main- 
tenance of Armstrong’s SAP 
AG ERP system, said Mark 
Oe Armstrong’s director 


“Soe Gade il 


Lore: 


Antwerp, Belgium-based financial 
services consulting firm. He sees 

network monitoring functions go- 

ing offshore as part of an “extend- 
ed team” approach. For instance, 

a company in India could manage 
a network during overnight hours 

in the U.S. 

But there are many elements 
affecting a decision to outsource 
infrastructure operations offshore, 
geopolitical concerns and secuti- 
ty. It remains “more of a niche and 
still a slowly evolving process,” 
said Richard Matlus, research di- 
rector at Gartner Inc. in Stamford, 
Conn. 

But offshore aside, infrastruc- 
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Siebel Takes Hosted CRM Plunge With IBM 


Two years after it pulled the plug 
on its first hosted CRM software 
offering, Siebel Systems is once 
again entering that market, this 
time through a deal with IBM. 

Siebel and IBM last week said 
they plan to jointly offer a hosted 
set of new CRM applications 
aimed primarily at small and mid- 
size companies. Dubbed Siebel 
CRM OnDemand, the hosting ser- 
vice is due to become available 
this quarter and will be run on 
systems at IBM's data centers. 

Customers will be charged a 
monthly fee of $70 per end user 
and will be able to customize the 
applications themselves, without 
needing help from consultants, 
according to Richard Gorman, 
Siebel's senior vice president of 
products. 

Gorman said Siebel also hopes 
to entice larger companies to use 


of program management. 
Young said the offshore 
arrangement has yielded cost 
savings through reduced head 
count and the flexibility to in- 
crease or decrease his re- 
sources as needed. He said he 
also looked at hardware out- 
sourcing but opted instead for 


oues pees: 


ministration Moving Offshore 


ture outsourcing is growing in the 
U.S., and offerings are expanding. 
For instance, Sun Microsystems 
Inc. last week said it had struck an 
agreement with Houston-based 
SchlumbergerSema, the IT ser- 
vices arm of Schlumberger Ltd., 
for outsourced, pay-as-you-go 
services. Schlumberger will use 
Sun servers to provide services 
targeted at the energy, finance, 
telecommunications and govern- 
ment sectors. The servers can be 
hosted at the customer's site or 
Schlumberger’s data center. 

While these data center ser- 
vices can be provided anywhere, 
“the barrier is the customer com- 
fort to sending something off- 


Siebel CRM OnDemand for small 
software deployments that can 
later be expanded. OnDemand is 
built on a separate architecture 
and has its own user interface, but 
it can be integrated with and up- 
graded to Siebel’'s full-fledged ap- 
plications, he added. 

Planitax Inc., an Emeryville, 
Calif.-based company that sells 
tax software, is beta-testing the 
Siebel/IBM offering. Chris Staub- 
er, a former Siebel employee who 
is now chief technology officer at 
Pianitax, said the company is 
looking at using Siebel CRM 
OnDemand to replace an existing 
set of hosted CRM applications 
from an unidentified vendor. 

The CRM software Planitax is 
already using won't meet the 
company’s future needs, Stauber 
said. Siebel is still adding func- 
tionality to its hosted offering but 


internal improvements, such 


as server consolidations, to re- 


duce his costs. 

Still, Young said he contin- 
ues to review vendor out- 
sourcing options, such as 


IBM’s Virtual Server Services. 


“When you are trying to be- 
come financially stable, you 


shore,” said Ashif Dhanani, direc- 
tor of utility computing at Sun. 

Kumar Mahadeva, CEO of Cog- 
nizant Technology Solutions 
Corp., an offshore services pro- 
vider in Teaneck, N.J., said he’s 
seeing business processes such 
as claims processing go overseas, 
resulting in the creation of off- 
shore data centers to support 
those operations. 

Andre Mendes, chief technolo- 
gy integration officer at Public 
Broadcasting Service in Alexan- 
dria, Va., said he believes that lo- 
cating data centers anywhere in 
the world is becoming almost in- 
evitable as technology improves. 
“The only bottlenecks left behind 
are geopolitical ones,” he said. 

- Patrick Thibodeau 


| spective is... 
| that IBM keep this service 





has more sophisticated capabili- 
ties, including built-in analytics, 
he added. “The basis for the ap- 
plication is the enterprise version 
of their software,” Stauber noted. 
“What holes there are are mostly 
cosmetic.” 

Siebel launched a Web-based 
CRM service called Sales.com in 
1999, but it scrapped the unprof- 
itable venture two years later. The 
joint offering with IBM wil! com- 
pete against CRM application 
service providers such as Sales- 
force.com Inc., a San Francisco- 
based company that claims 
100,000 end users for its hosted 
software service. 

Liz Roche, an analyst at Meta 
Group Inc., said teaming with IBM 
could help Siebel attract users 
that have steered clear of hosted 
CRM installations. 

- Stacy Cowley, IDG News Service 


are always looking for cost [re- 
duction] opportunities,” he 
said. 

Paul Mercurio, CIO at Exxon 
Mobil Travel Guide LLC, a 
subsidiary of Exxon Mobil 
Corp. in Park Ridge, Ill., has 
been using IBM Virtual Server 
Services for the past year. 
They were initially offered to 


| customers that wanted to port 


applications to IBM zSeries 


| mainframes running Linux. 


Mercurio, who uses the ser- 


| vice for his company’s Web 


production and publishing, 
said the cost is as much as 
30% below any alternative. 
“The key thing from my per- 
it’s important 


fresh [and] new” as technolo- 


| gy improvements are made, he 


said. 

With respect to the location 
of services, Mercurio said it 
doesn’t matter where a re- 
source is. “What matters is 
that you have a path to the re- 
source and that there is a suf- 
ficient amount of that re- 
source available,” he said. 


@ 41838 
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ely Screens 


HERE ARE SOME UGLY SCREENS in your applications. 
Your users know them all too well. They’re the screens 
where users have to copy information with a pencil and 
paper, or where one wrong keystroke will wipe out 15 
minutes of work, or where the application can suddenly 


freeze for no apparent reason. 


Your developers know those ugly screens, too. They’ve tried to fix 
those screens for years. But the code is a kludgy, convoluted mess, 
and simple fixes won’t work. Ripping those screens out and making 
them right would cost a bundle, which you don’t have to spare. Be- 
sides, users have lived with those screens, ugly as they are, for a long 
time — and if they have to, they can keep living with them. 

So if you can’t fix an ugly screen, what can you can do with it? 


Document it. Don’t pretend that these eyesores 
don’t exist. Keep a list of them. Track what fixes 
were tried and didn’t work — and when and 
why. That way, you'll always know how long it’s 
been since someone last tried to fix one. If the 
application is ever completely rewritten, you 
won't forget and inadvertently preserve that 
ugly screen’s logic. 

Give your most junior developers a shot at it. Hey, 
they don’t know it’s impossible to fix. If they 
come up with an ingenious solution, great. If 
not, at least they’ll get a taste of the worst your 
legacy code has to offer. That’s something you 
can be sure they didn’t learn in school. 

Bless the work-around for it. Your users have 
probably figured out the best way to deal with 
each ugly screen. You’ve probably been too em- 
barrassed to include those work-arounds in 
documentation and training. Get over it, and 
get the users to write up those work-around de- 
scriptions. And who knows? Once your devel- 
opers know exactly what the users 
do to dodge ugly screens, they may 
even figure out a fix. 

Put a bounty on it. Nothing encour- 
ages developers to take another 
look at problem code like a cash re- 
ward for coming up with the idea 
that finally fixes it. But save your 
bounties for longstanding problems, 
or you may end up with “problems” 
in new code that just happen to be 
prime candidates for bounties. 

Ask users how it should work. Maybe 
you're going about this the wrong 
way — trying to fix logic that no 





FRANK HAYES, Computer- 
world's senior news colum- 
nist, has covered !Tformore projects. But if they can fix those 
than 20 years. Contact him at 
frank_hayes@computerworld.com. 


longer needs to be so convoluted. If users can 
simplify the screen’s functional definition, you 
might be able to make it work. But be careful to 
manage expectations. Don’t tell users you’re 
fixing it — just that you’re trying. 

Junk it. OK, virtually junk it. Ask a small 
group of users to try using the application with- 
out touching that screen. If they can’t, you’re no 
worse off. If they can, maybe you can decom- 
mission that screen entirely. 

Find out how important it is to the users’ man- 
agers. If it’s top-of-mind for a manager, you can 
discuss what it will cost to do this expensive fix 
right. If he didn’t know about it, your question 
demonstrates that you’re being proactive about 
solving his users’ problems. Either way, it helps 
you gauge how big a deal it really is. 

Make it a poster child for your IT budget. It’s bad. 
It should be fixed. It’s not your fault; you inher- 
ited it. It costs users time and effort, and that 
means money. Fixing it will take some major 
dollars. Sure, you just began a new 
fiscal year. But start a campaign 
now, and you'll have a well-primed 
pump when the next budget cycle 
comes around. 

If nothing else works, ship it over- 
seas. Face it: You can’t fix this code 
in-house. And your CEO wants you 
to dip a toe into offshore outsourc- 
ing. Your offshore partners won’t 
love you for sending your nastiest, 
thorniest problems as their first 


ugly screens, you'll know you got 
your money’s worth. @ 41543 
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Logging Out the Hard Way 

This control-freak IT manager just has to have the 
same rights that his mainframe programmers and op- 
erators have. Then one day, the entire transaction sys- 
tem vanishes suddenly for 400 users. “Even stranger, 
a crisis had occurred, and the boss wasn't demanding 
astatus report,” says a pilot fish on the scene. Appar- 
ently, the boss had had trouble logging out, so he used 
avery risky, very restricted, wamed-about-in-the-docs 
utility. “He logged himself out - and took 400 users 
with him,” says fish. “He let us take away his unneces- 
sary authorities after that. No arguments.” 


SHAR for any em- 


ry 
In om 


he runs a particular this pllot fish and accus- 
report, so IT pilot fish | inna 
searches the knowledge : patched machine. Can't 
base for a solution. “It: be, says fish - mine’s 
says, ‘Run the report —_: patched. It turns out to 
onamachine witha § : beaconference-room 
processor speed under = PC that fish logged onto 
1 GHz, or open as many — | for a demo. “Who owns 
programs as possible 

to slow the machine 

down,” ™ groans fish. 

“Where are the 386s 

when you need one?” 


Slowdown 
Payroll user’s 
new 2-GHz PC 
onda 
message when 


Just What 

She Asked Fer 

The entire network goes i 

out, and panicked IT ap-_ : 

plications manager calls; “Talking Trash 
the help desk. “Her mis- _ virus destroy the 
sion-critical department 

was being impacted by 

our unplanned total net- : 

work outage, andshe == 

demanded awireless == 

laptop to connect to the: 

downed network,” says: 

didn’t have the heart to: ing, when th 
tell her that it wouldn’t —: cleaning: 
work. Lastiheard,a =: 

tech-support staffer was 

going upstairs to drop 

off the laptop.” 


Oops! 
Blasted by the latest 
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